c8dd622936bba72e1c9e0ad3e3f3546f6adc6d416fcf1f5b5df83d6c01389995 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_856d21b7a5c9a4db5ff7b4cc1b47a212_ryuk
Size

1.9MB
Sample

240614-mwb28axdkd
MD5

856d21b7a5c9a4db5ff7b4cc1b47a212
SHA1

33e24ec72f73ddf1e2f12f5af1007fa4c66a6bd4
SHA256

c8dd622936bba72e1c9e0ad3e3f3546f6adc6d416fcf1f5b5df83d6c01389995
SHA512

1e2b969149b2bc30a3eac6632fe2961a91a4f434645f58f8cdde4aea53c1748a239fcb49f74a47f6c1899e4cf478fc05516eccd317b493ee2852465ccb95c719
SSDEEP

24576:F78r8FfC3F32nUnCdAaKu++nOxUTWuKk0fob0gEEVFQmic8WUO:F/fQF37CGaPYUyuFlIAFQmd8WU

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-06-14_856d21b7a5c9a4db5ff7b4cc1b47a212_ryuk
- Size
  
  1.9MB
- MD5
  
  856d21b7a5c9a4db5ff7b4cc1b47a212
- SHA1
  
  33e24ec72f73ddf1e2f12f5af1007fa4c66a6bd4
- SHA256
  
  c8dd622936bba72e1c9e0ad3e3f3546f6adc6d416fcf1f5b5df83d6c01389995
- SHA512
  
  1e2b969149b2bc30a3eac6632fe2961a91a4f434645f58f8cdde4aea53c1748a239fcb49f74a47f6c1899e4cf478fc05516eccd317b493ee2852465ccb95c719
- SSDEEP
  
  24576:F78r8FfC3F32nUnCdAaKu++nOxUTWuKk0fob0gEEVFQmic8WUO:F/fQF37CGaPYUyuFlIAFQmd8WU
Score

7^/10

spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1