f0f6ba76bf8270c7b5ada5534c410a8442694e664f1e69a2f7892f4f9990568c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0f6ba76bf8270c7b5ada5534c410a8442694e664f1e69a2f7892f4f9990568c
Size

2.0MB
Sample

240624-gn2d9ayfnh
MD5

1f49a2ff195ff91db6950ae394225866
SHA1

56f3d491c080ffe34271b6c1d536b56be857fb5b
SHA256

f0f6ba76bf8270c7b5ada5534c410a8442694e664f1e69a2f7892f4f9990568c
SHA512

b0046bdf20adf0d3d14b5dd06a11c79db45c19baea8bb8d74e208e6b2c9e4f697588efaaabf83c472a604021e68cf5b5c1337f4180dc61c705f1d252c70ed7f9
SSDEEP

49152:INEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmky:2EhFvqXjbqoJQC4

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  f0f6ba76bf8270c7b5ada5534c410a8442694e664f1e69a2f7892f4f9990568c
- Size
  
  2.0MB
- MD5
  
  1f49a2ff195ff91db6950ae394225866
- SHA1
  
  56f3d491c080ffe34271b6c1d536b56be857fb5b
- SHA256
  
  f0f6ba76bf8270c7b5ada5534c410a8442694e664f1e69a2f7892f4f9990568c
- SHA512
  
  b0046bdf20adf0d3d14b5dd06a11c79db45c19baea8bb8d74e208e6b2c9e4f697588efaaabf83c472a604021e68cf5b5c1337f4180dc61c705f1d252c70ed7f9
- SSDEEP
  
  49152:INEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmky:2EhFvqXjbqoJQC4
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2