894d9ae4329f7aff31d1c53ef0ae62fc91d23a26bf8942b623de785ac6a12617 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

894d9ae4329f7aff31d1c53ef0ae62fc91d23a26bf8942b623de785ac6a12617
Size

2.0MB
Sample

240627-21f93ayhqr
MD5

acedc7b7a7b38404c2d666cab1fce176
SHA1

087b54ebf98588684b9d9c6543054ca1a1bb536f
SHA256

894d9ae4329f7aff31d1c53ef0ae62fc91d23a26bf8942b623de785ac6a12617
SHA512

a4315fccede62ce05de12e297f58c35c2a9d695d545820c21ad0a126a8c0f19e1e353c0febd0146c0481757972bb4b8046b5357b8248314e3fb4f6e1fb00416c
SSDEEP

49152:rNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmk8:xEhFvqXjbqoJQCK

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  894d9ae4329f7aff31d1c53ef0ae62fc91d23a26bf8942b623de785ac6a12617
- Size
  
  2.0MB
- MD5
  
  acedc7b7a7b38404c2d666cab1fce176
- SHA1
  
  087b54ebf98588684b9d9c6543054ca1a1bb536f
- SHA256
  
  894d9ae4329f7aff31d1c53ef0ae62fc91d23a26bf8942b623de785ac6a12617
- SHA512
  
  a4315fccede62ce05de12e297f58c35c2a9d695d545820c21ad0a126a8c0f19e1e353c0febd0146c0481757972bb4b8046b5357b8248314e3fb4f6e1fb00416c
- SSDEEP
  
  49152:rNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmk8:xEhFvqXjbqoJQCK
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2