61bddd6894255b12d8e59e454a6294cbcfe6b9883e08c33f7950a787c8886d59 | Triage

Sharing

General

Target

2024-06-13_b617ade738f5eab162d911cfbf1a47cb_bkransomware
Size

518KB
Sample

240613-l6afpsyapr
MD5

b617ade738f5eab162d911cfbf1a47cb
SHA1

c7a244dc7782517e3c450164be9502cd9a8a3213
SHA256

61bddd6894255b12d8e59e454a6294cbcfe6b9883e08c33f7950a787c8886d59
SHA512

5d6217dec7978e199e89340f2b5cbc3d48e22b8e457a70e9232add773ff76a2b8ddfe5a9295abadec33102bee81a815943ac35c19976a213180d0e4fab01f952
SSDEEP

12288:hS07XdQjp8UrxwMnxLSgob4ylbf8o7h/qonU5Z5T:D7IxwMxNMPljd9khT

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-06-13_b617ade738f5eab162d911cfbf1a47cb_bkransomware
- Size
  
  518KB
- MD5
  
  b617ade738f5eab162d911cfbf1a47cb
- SHA1
  
  c7a244dc7782517e3c450164be9502cd9a8a3213
- SHA256
  
  61bddd6894255b12d8e59e454a6294cbcfe6b9883e08c33f7950a787c8886d59
- SHA512
  
  5d6217dec7978e199e89340f2b5cbc3d48e22b8e457a70e9232add773ff76a2b8ddfe5a9295abadec33102bee81a815943ac35c19976a213180d0e4fab01f952
- SSDEEP
  
  12288:hS07XdQjp8UrxwMnxLSgob4ylbf8o7h/qonU5Z5T:D7IxwMxNMPljd9khT
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer