99865340e528c09e63faf4580ae0fb998eef9b7b3d33ce3fdec66009b660c93e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99865340e528c09e63faf4580ae0fb998eef9b7b3d33ce3fdec66009b660c93e
Size

270KB
Sample

240527-slz9yshf49
MD5

568ea9c59452649fa7dbcb371bea27e4
SHA1

3f73dce13f36e54ac53d37e1d3e776b6c9352390
SHA256

99865340e528c09e63faf4580ae0fb998eef9b7b3d33ce3fdec66009b660c93e
SHA512

dcc22834c41456759b133c9d9ad3da2cfd87e4e9fca00855c8529c3f5578bc1ae4a0fe7f08dac0dcd4c76b26f1b23d8787db03c12d5fd1ce0906bf6df2f6650d
SSDEEP

3072:FWf9qe1ISVwLta5+f8NM4fw0xHSlvrw/uBrtGQWR7ro8WHFi5bZV1J8ULOy6:U1qe1IS4fEfw0wvMmqQGg8W45NBnL6

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  99865340e528c09e63faf4580ae0fb998eef9b7b3d33ce3fdec66009b660c93e
- Size
  
  270KB
- MD5
  
  568ea9c59452649fa7dbcb371bea27e4
- SHA1
  
  3f73dce13f36e54ac53d37e1d3e776b6c9352390
- SHA256
  
  99865340e528c09e63faf4580ae0fb998eef9b7b3d33ce3fdec66009b660c93e
- SHA512
  
  dcc22834c41456759b133c9d9ad3da2cfd87e4e9fca00855c8529c3f5578bc1ae4a0fe7f08dac0dcd4c76b26f1b23d8787db03c12d5fd1ce0906bf6df2f6650d
- SSDEEP
  
  3072:FWf9qe1ISVwLta5+f8NM4fw0xHSlvrw/uBrtGQWR7ro8WHFi5bZV1J8ULOy6:U1qe1IS4fEfw0wvMmqQGg8W45NBnL6
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2