00f86009bb087fc44df44749d66204d5c05aaf006898701498ad38e7d9398678 | Triage

Sharing

General

Target

00f86009bb087fc44df44749d66204d5c05aaf006898701498ad38e7d9398678
Size

5.7MB
Sample

240531-1dwksseb2t
MD5

55214c7a9a84ec15fbc962a9e8e481ca
SHA1

e56ec43ecd72721e6fb95d6243593a90b7f6b59c
SHA256

00f86009bb087fc44df44749d66204d5c05aaf006898701498ad38e7d9398678
SHA512

b68edb72163cf1b6f9c8fe10b94ef59302030a237e397eb50e6e97156bad7e255a8d50b6cc44664199c6420faaeb8eefd4e2a78f92e4600aac768ca48982cc39
SSDEEP

49152:2PfPv94AEsKU8ggw1g+1CART5eBiyKS3EI3wybn20DCYIHvc8ixuZm9+fWsw6dTP:EKUgTH2M2m9UMpu1QfLczqssnKSk

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  00f86009bb087fc44df44749d66204d5c05aaf006898701498ad38e7d9398678
- Size
  
  5.7MB
- MD5
  
  55214c7a9a84ec15fbc962a9e8e481ca
- SHA1
  
  e56ec43ecd72721e6fb95d6243593a90b7f6b59c
- SHA256
  
  00f86009bb087fc44df44749d66204d5c05aaf006898701498ad38e7d9398678
- SHA512
  
  b68edb72163cf1b6f9c8fe10b94ef59302030a237e397eb50e6e97156bad7e255a8d50b6cc44664199c6420faaeb8eefd4e2a78f92e4600aac768ca48982cc39
- SSDEEP
  
  49152:2PfPv94AEsKU8ggw1g+1CART5eBiyKS3EI3wybn20DCYIHvc8ixuZm9+fWsw6dTP:EKUgTH2M2m9UMpu1QfLczqssnKSk
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2