79bc66e7df315db440e8e728438606f8b3a2f2ded1acb070e727d84d7f7223a5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79bc66e7df315db440e8e728438606f8b3a2f2ded1acb070e727d84d7f7223a5
Size

306KB
Sample

240604-rtv5jaac5w
MD5

85cd230ca140fa9911c873f310144ae2
SHA1

0c9e0b63cf7786b020e10fe4cd08ec046ff813a7
SHA256

79bc66e7df315db440e8e728438606f8b3a2f2ded1acb070e727d84d7f7223a5
SHA512

3c3cea49499b94e3f3fc490ddb4cb9fc36c2c60768e5e6bce1aa1530d1d88dc4c11bfed5e7850cd6a7940b3c6c96ce57c8d6ff792ce32a86f9759ef2d9ff5791
SSDEEP

6144:V1NM5p9ObiZKDAX0jH0o2zq9DmQ3LOotL4gr:V1upcbiZKm4H8zq9Fjtdr

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  79bc66e7df315db440e8e728438606f8b3a2f2ded1acb070e727d84d7f7223a5
- Size
  
  306KB
- MD5
  
  85cd230ca140fa9911c873f310144ae2
- SHA1
  
  0c9e0b63cf7786b020e10fe4cd08ec046ff813a7
- SHA256
  
  79bc66e7df315db440e8e728438606f8b3a2f2ded1acb070e727d84d7f7223a5
- SHA512
  
  3c3cea49499b94e3f3fc490ddb4cb9fc36c2c60768e5e6bce1aa1530d1d88dc4c11bfed5e7850cd6a7940b3c6c96ce57c8d6ff792ce32a86f9759ef2d9ff5791
- SSDEEP
  
  6144:V1NM5p9ObiZKDAX0jH0o2zq9DmQ3LOotL4gr:V1upcbiZKm4H8zq9Fjtdr
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2