16d84ca07bfc6000ce65cddff6c3bae938fd3b1de4b80a49970227ab79204ed7 | Triage

Sharing

General

Target

16d84ca07bfc6000ce65cddff6c3bae938fd3b1de4b80a49970227ab79204ed7
Size

17KB
Sample

240611-w7behaxamm
MD5

fa2812aed3986602e083398d9dce6e53
SHA1

5e2dc094c11442df58a88884ee0a2b5fee02f4c9
SHA256

16d84ca07bfc6000ce65cddff6c3bae938fd3b1de4b80a49970227ab79204ed7
SHA512

a13c40b807658359910e009f993202f9cdd1a32e5e8332b7a313b2708c8c6e2653bbe261084c47cee718b8d3ae599307991accfcb9e64bf095e11a11f9c701d0
SSDEEP

384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/SG:IMAQ+BzWPEwnE+KHM2/SG

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  16d84ca07bfc6000ce65cddff6c3bae938fd3b1de4b80a49970227ab79204ed7
- Size
  
  17KB
- MD5
  
  fa2812aed3986602e083398d9dce6e53
- SHA1
  
  5e2dc094c11442df58a88884ee0a2b5fee02f4c9
- SHA256
  
  16d84ca07bfc6000ce65cddff6c3bae938fd3b1de4b80a49970227ab79204ed7
- SHA512
  
  a13c40b807658359910e009f993202f9cdd1a32e5e8332b7a313b2708c8c6e2653bbe261084c47cee718b8d3ae599307991accfcb9e64bf095e11a11f9c701d0
- SSDEEP
  
  384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/SG:IMAQ+BzWPEwnE+KHM2/SG
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer