1c7d8b58c9bb761043fedde862f002afb7004fd94a8ee991f22edb97353f79f2 | Triage

Sharing

General

Target

1c7d8b58c9bb761043fedde862f002afb7004fd94a8ee991f22edb97353f79f2
Size

92KB
Sample

240529-rp2rhsaa54
MD5

0d5e3dcf180d8839c227f3823c3e5dd8
SHA1

94270624c73dff91abf8e13d36af865bf9c6ba8d
SHA256

1c7d8b58c9bb761043fedde862f002afb7004fd94a8ee991f22edb97353f79f2
SHA512

8ea81e54a2a697597d99e94fa0410ee7df1038697fbdaa2b7471580955e6245d5e0f68b9846a3c4541e0f41dd94afcf6cbd9c437904562c2862b46eeeac8e357
SSDEEP

1536:6Hcx1aeg1v9OQZVUKM6+kKpdyapmebn4ddJZeY86iLflLJYEIs67rxo:6Hf9lOzKM5pMLK4ddJMY86ipmns6S

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  1c7d8b58c9bb761043fedde862f002afb7004fd94a8ee991f22edb97353f79f2
- Size
  
  92KB
- MD5
  
  0d5e3dcf180d8839c227f3823c3e5dd8
- SHA1
  
  94270624c73dff91abf8e13d36af865bf9c6ba8d
- SHA256
  
  1c7d8b58c9bb761043fedde862f002afb7004fd94a8ee991f22edb97353f79f2
- SHA512
  
  8ea81e54a2a697597d99e94fa0410ee7df1038697fbdaa2b7471580955e6245d5e0f68b9846a3c4541e0f41dd94afcf6cbd9c437904562c2862b46eeeac8e357
- SSDEEP
  
  1536:6Hcx1aeg1v9OQZVUKM6+kKpdyapmebn4ddJZeY86iLflLJYEIs67rxo:6Hf9lOzKM5pMLK4ddJMY86ipmns6S
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2