be35f5d12f69248e853cf32fc0f33e0a0e1942643bf9de75a453eb8bb1a019bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-08_5a82e5b86e3b104dfe388ecdba209384_bkransomware
Size

168KB
Sample

240608-eyjabahg87
MD5

5a82e5b86e3b104dfe388ecdba209384
SHA1

9ca1ca8f50dee5e3aa7a03659871e1488c3167bc
SHA256

be35f5d12f69248e853cf32fc0f33e0a0e1942643bf9de75a453eb8bb1a019bb
SHA512

7346718cfd0901db4112918d066de594e22f65dad8ae58a85b56ca89f46cf1165f1f8b9d09f2ae0d0bc7981112a416b86a3d0fe54590da364cec73e226332ed0
SSDEEP

3072:ZhpAyazIlyazTaMQWa0JoMpBL8ezJwCQ9Snl2uEfqIIQ:hZMazy0pBLVzJwfSnl2ukqIIQ

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-06-08_5a82e5b86e3b104dfe388ecdba209384_bkransomware
- Size
  
  168KB
- MD5
  
  5a82e5b86e3b104dfe388ecdba209384
- SHA1
  
  9ca1ca8f50dee5e3aa7a03659871e1488c3167bc
- SHA256
  
  be35f5d12f69248e853cf32fc0f33e0a0e1942643bf9de75a453eb8bb1a019bb
- SHA512
  
  7346718cfd0901db4112918d066de594e22f65dad8ae58a85b56ca89f46cf1165f1f8b9d09f2ae0d0bc7981112a416b86a3d0fe54590da364cec73e226332ed0
- SSDEEP
  
  3072:ZhpAyazIlyazTaMQWa0JoMpBL8ezJwCQ9Snl2uEfqIIQ:hZMazy0pBLVzJwfSnl2ukqIIQ
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer