5316fc2cb4c54ba46a42e77e9ee387d158f0f3dc7456a0c549f9718b081c6c26 | Triage

Sharing

General

Target

1.zip
Size

768KB
Sample

240527-sq2ctagf9s
MD5

763d557c3e4c57f7d6132a444a930386
SHA1

77aaf9c8b944f7178067430aef42f60a2ac1f41c
SHA256

5316fc2cb4c54ba46a42e77e9ee387d158f0f3dc7456a0c549f9718b081c6c26
SHA512

b3bc950079330bcf31490eb704f712a99e1832ad931e3905132425f957ae1ef4509fd4b6075a0cb001843cad07650cfea65dc678eb323400593ee983f46fa4ab
SSDEEP

24576:0sJBgav2i0qpqYBEmjXMNQjzpb57QU8ONZ:0sP7v2WdBEe4UFNZ

Score

7^/10

execution spyware stealer

Malware Config

Targets

- Target
  
  Autoit3.exe
- Size
  
  872KB
- MD5
  
  c56b5f0201a3b3de53e561fe76912bfd
- SHA1
  
  2a4062e10a5de813f5688221dbeb3f3ff33eb417
- SHA256
  
  237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
- SHA512
  
  195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
- SSDEEP
  
  12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Score

7^/10

execution spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

executionspywarestealer