559a26ca8bb1deb95e523fa48f67c3603d024ad0b68a138fd82519a457e1ef03 | Triage

Sharing

General

Target

2024-05-29_2e069a24c03cb645aa25f51e3acaeb25_bkransomware
Size

96KB
Sample

240529-y6wp6agg2x
MD5

2e069a24c03cb645aa25f51e3acaeb25
SHA1

de0372a739a654281838360af5ada18041550e95
SHA256

559a26ca8bb1deb95e523fa48f67c3603d024ad0b68a138fd82519a457e1ef03
SHA512

a72a7ac00ba3f0e89f09af45768808c6acc65ef3e206b445dcef1f6f90125c89e153d3579255ca8de1569c867033e982e41b8dc31267c543ff7100a04c7fe63c
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTO9+EOrMEu0bBWedtfF:ZRpAyazIliazTNEMvjfF

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-05-29_2e069a24c03cb645aa25f51e3acaeb25_bkransomware
- Size
  
  96KB
- MD5
  
  2e069a24c03cb645aa25f51e3acaeb25
- SHA1
  
  de0372a739a654281838360af5ada18041550e95
- SHA256
  
  559a26ca8bb1deb95e523fa48f67c3603d024ad0b68a138fd82519a457e1ef03
- SHA512
  
  a72a7ac00ba3f0e89f09af45768808c6acc65ef3e206b445dcef1f6f90125c89e153d3579255ca8de1569c867033e982e41b8dc31267c543ff7100a04c7fe63c
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTO9+EOrMEu0bBWedtfF:ZRpAyazIliazTNEMvjfF
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer