ea1ba2000d1cf9c777a61f0ff984010580c0c05b160b861e8120eea90fbb7732 | Triage

Sharing

General

Target

ea1ba2000d1cf9c777a61f0ff984010580c0c05b160b861e8120eea90fbb7732
Size

963KB
Sample

240610-rt4rnszdmr
MD5

45ce8f6166a2ab1ed33ee0c6ad7e5ec2
SHA1

250d43209a3add8f5f87b1e107a744bc1aeb39fa
SHA256

ea1ba2000d1cf9c777a61f0ff984010580c0c05b160b861e8120eea90fbb7732
SHA512

be6b2362fe1aa3504851eccf6da9362d29324d81503669a3602b4865e4df22adec59d2cc3c3962949bd4f7c4c8317918c3af262585ca5cf1649b8814b63cd7f9
SSDEEP

24576:KbB5PmFtYSm0nVYnbuZycUit/rldx5Xeh:GBBmLlOnyZycUGzldrXeh

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  ea1ba2000d1cf9c777a61f0ff984010580c0c05b160b861e8120eea90fbb7732
- Size
  
  963KB
- MD5
  
  45ce8f6166a2ab1ed33ee0c6ad7e5ec2
- SHA1
  
  250d43209a3add8f5f87b1e107a744bc1aeb39fa
- SHA256
  
  ea1ba2000d1cf9c777a61f0ff984010580c0c05b160b861e8120eea90fbb7732
- SHA512
  
  be6b2362fe1aa3504851eccf6da9362d29324d81503669a3602b4865e4df22adec59d2cc3c3962949bd4f7c4c8317918c3af262585ca5cf1649b8814b63cd7f9
- SSDEEP
  
  24576:KbB5PmFtYSm0nVYnbuZycUit/rldx5Xeh:GBBmLlOnyZycUGzldrXeh
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2