9d48b4cf249322b1168bfc6c07c4924a0efb86d578f9c2c9c7ccef791e91b125 | Triage

Sharing

General

Target

9d48b4cf249322b1168bfc6c07c4924a0efb86d578f9c2c9c7ccef791e91b125
Size

2.0MB
Sample

240627-24zwkszbrp
MD5

969b717a2248ed62d7f7bee4bf4cc593
SHA1

b52b5383752324c9dfe463f68d8ae92bf29b4caf
SHA256

9d48b4cf249322b1168bfc6c07c4924a0efb86d578f9c2c9c7ccef791e91b125
SHA512

728636965a66b9ba8dd0a99249fbb2f1778a728d5a6af6d6994fcc02d9b4e1ad28904f65bf361eb5542be5fc19bea7bdc3018539e23480a9c4d5efab030d8ad6
SSDEEP

49152:jNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmky:ZEhFvqXjbqoJQCg

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  9d48b4cf249322b1168bfc6c07c4924a0efb86d578f9c2c9c7ccef791e91b125
- Size
  
  2.0MB
- MD5
  
  969b717a2248ed62d7f7bee4bf4cc593
- SHA1
  
  b52b5383752324c9dfe463f68d8ae92bf29b4caf
- SHA256
  
  9d48b4cf249322b1168bfc6c07c4924a0efb86d578f9c2c9c7ccef791e91b125
- SHA512
  
  728636965a66b9ba8dd0a99249fbb2f1778a728d5a6af6d6994fcc02d9b4e1ad28904f65bf361eb5542be5fc19bea7bdc3018539e23480a9c4d5efab030d8ad6
- SSDEEP
  
  49152:jNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmky:ZEhFvqXjbqoJQCg
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2