ec5dcd76a232dfcd9643366e804c09b1f4ae64aff71407152f42efd25d871d4c | Triage

Sharing

General

Target

ec5dcd76a232dfcd9643366e804c09b1f4ae64aff71407152f42efd25d871d4c
Size

243KB
Sample

240620-fpzrdavdjq
MD5

88f741a5cbe54409d9b9e60db78d80b2
SHA1

443c5168049a4d388fd7377c04d2a6cf87ea873f
SHA256

ec5dcd76a232dfcd9643366e804c09b1f4ae64aff71407152f42efd25d871d4c
SHA512

652f522cda812506bae038fa8950c9fdfdde9be6765d847c338ee0a433eb09fb1b56d67d4aa3f978876889b9bef79e1064f2778c8c1c41dd38d2f8a3e1b71b84
SSDEEP

6144:dXC4vgmhbIxs3NBR3zskkSHyBiDQLyLSyV151qNv:dXCNi9BZAkljDQeLSkf1qF

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  ec5dcd76a232dfcd9643366e804c09b1f4ae64aff71407152f42efd25d871d4c
- Size
  
  243KB
- MD5
  
  88f741a5cbe54409d9b9e60db78d80b2
- SHA1
  
  443c5168049a4d388fd7377c04d2a6cf87ea873f
- SHA256
  
  ec5dcd76a232dfcd9643366e804c09b1f4ae64aff71407152f42efd25d871d4c
- SHA512
  
  652f522cda812506bae038fa8950c9fdfdde9be6765d847c338ee0a433eb09fb1b56d67d4aa3f978876889b9bef79e1064f2778c8c1c41dd38d2f8a3e1b71b84
- SSDEEP
  
  6144:dXC4vgmhbIxs3NBR3zskkSHyBiDQLyLSyV151qNv:dXCNi9BZAkljDQeLSkf1qF
Score

9^/10

persistence spyware stealer
- Detects executables containing possible sandbox analysis VM usernames
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer