26e27eb7b21105bd43a9c76e1855c9957b48fda96b9f1803cdc2a80643870df6 | Triage

Sharing

General

Target

26e27eb7b21105bd43a9c76e1855c9957b48fda96b9f1803cdc2a80643870df6
Size

400KB
Sample

240602-qrlbwaec82
MD5

744bc1b9a04f5a72e7f26638ac5740bb
SHA1

1858151a3d1365a06f3ef71fd8320ab9d2d6c875
SHA256

26e27eb7b21105bd43a9c76e1855c9957b48fda96b9f1803cdc2a80643870df6
SHA512

40c2a9ac8bb6fe0045f8642d2f56a9f5a2ee53a3d562c3b2b9be0e1938a52d0cc22e35e1f6bd199b170118c288ee05578f2d300600558e5007e893f99efc612d
SSDEEP

6144:k/KW+aezsP2zPVz7jUBs8hqcBCi6dbfra4erJlt9A+xX1oOAisEIWmGeNkfGuYFk:HW+aQahVy41

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  26e27eb7b21105bd43a9c76e1855c9957b48fda96b9f1803cdc2a80643870df6
- Size
  
  400KB
- MD5
  
  744bc1b9a04f5a72e7f26638ac5740bb
- SHA1
  
  1858151a3d1365a06f3ef71fd8320ab9d2d6c875
- SHA256
  
  26e27eb7b21105bd43a9c76e1855c9957b48fda96b9f1803cdc2a80643870df6
- SHA512
  
  40c2a9ac8bb6fe0045f8642d2f56a9f5a2ee53a3d562c3b2b9be0e1938a52d0cc22e35e1f6bd199b170118c288ee05578f2d300600558e5007e893f99efc612d
- SSDEEP
  
  6144:k/KW+aezsP2zPVz7jUBs8hqcBCi6dbfra4erJlt9A+xX1oOAisEIWmGeNkfGuYFk:HW+aQahVy41
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2