213cdc77f1884a641a5c68d93936c9d8ed29f22dcf54b716c918bd209a97ec2a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

213cdc77f1884a641a5c68d93936c9d8ed29f22dcf54b716c918bd209a97ec2a
Size

2.0MB
Sample

240627-2klvlsxgkn
MD5

fec3624f8a7b5c845690e1c6c520f0fb
SHA1

91cb6eb667ee40a8c3664951d3ac88387cbe81ff
SHA256

213cdc77f1884a641a5c68d93936c9d8ed29f22dcf54b716c918bd209a97ec2a
SHA512

2a2a76be4b5d41b04f4ee85c2549fe1ff5ab15a5ced7a79b644a8f26d1475794cffd21fe28f04ad4f9fc1979c9f183542e396f8530c999e345a7743bd64e81b4
SSDEEP

49152:uNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkr:EEhFvqXjbqoJQCV

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  213cdc77f1884a641a5c68d93936c9d8ed29f22dcf54b716c918bd209a97ec2a
- Size
  
  2.0MB
- MD5
  
  fec3624f8a7b5c845690e1c6c520f0fb
- SHA1
  
  91cb6eb667ee40a8c3664951d3ac88387cbe81ff
- SHA256
  
  213cdc77f1884a641a5c68d93936c9d8ed29f22dcf54b716c918bd209a97ec2a
- SHA512
  
  2a2a76be4b5d41b04f4ee85c2549fe1ff5ab15a5ced7a79b644a8f26d1475794cffd21fe28f04ad4f9fc1979c9f183542e396f8530c999e345a7743bd64e81b4
- SSDEEP
  
  49152:uNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkr:EEhFvqXjbqoJQCV
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2