9ff5849315b4ff18fcba2f84d942a66384a2507749747bd2de10df38b0d16869 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9ff5849315b4ff18fcba2f84d942a66384a2507749747bd2de10df38b0d16869
Size

2.0MB
Sample

240624-gcdh2ssamn
MD5

ed6c5e580947bbf7ecebafe4205260c5
SHA1

a2b6551a7db1497aa06815085a4092de28b8573d
SHA256

9ff5849315b4ff18fcba2f84d942a66384a2507749747bd2de10df38b0d16869
SHA512

985d574ac3783ed6d65d6ea0ad380a8944daa9da6f53d1fee2412cc9c66b64071c59fa22a2342fcbea5fe880acac3a0ac006c24b843c0134b021d402c9bf61b7
SSDEEP

49152:sNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkM:qEhFvqXjbqoJQCC

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  9ff5849315b4ff18fcba2f84d942a66384a2507749747bd2de10df38b0d16869
- Size
  
  2.0MB
- MD5
  
  ed6c5e580947bbf7ecebafe4205260c5
- SHA1
  
  a2b6551a7db1497aa06815085a4092de28b8573d
- SHA256
  
  9ff5849315b4ff18fcba2f84d942a66384a2507749747bd2de10df38b0d16869
- SHA512
  
  985d574ac3783ed6d65d6ea0ad380a8944daa9da6f53d1fee2412cc9c66b64071c59fa22a2342fcbea5fe880acac3a0ac006c24b843c0134b021d402c9bf61b7
- SSDEEP
  
  49152:sNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkM:qEhFvqXjbqoJQCC
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2