d40230a9a8510edaecf8f1cb41b6cc623cab2f9c9e7cee24ffa08948c0e2ea01 | Triage

Sharing

General

Target

d40230a9a8510edaecf8f1cb41b6cc623cab2f9c9e7cee24ffa08948c0e2ea01
Size

2.0MB
Sample

240627-3cpf7szgrj
MD5

f6fbff2d840be3629eadbb0a1dba812a
SHA1

5b0ee56a95c955615e21db632c9981d699dad54d
SHA256

d40230a9a8510edaecf8f1cb41b6cc623cab2f9c9e7cee24ffa08948c0e2ea01
SHA512

0f49da4e83e42a60162487c873dbc7d7f90edbe6d65956a709e666edf375e189468c6e417e10ff7976c1b9fa7cd912e9f34235a23d13f4e0a0b389ef2d4ec57a
SSDEEP

49152:PNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkU:lEhFvqXjbqoJQCG

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  d40230a9a8510edaecf8f1cb41b6cc623cab2f9c9e7cee24ffa08948c0e2ea01
- Size
  
  2.0MB
- MD5
  
  f6fbff2d840be3629eadbb0a1dba812a
- SHA1
  
  5b0ee56a95c955615e21db632c9981d699dad54d
- SHA256
  
  d40230a9a8510edaecf8f1cb41b6cc623cab2f9c9e7cee24ffa08948c0e2ea01
- SHA512
  
  0f49da4e83e42a60162487c873dbc7d7f90edbe6d65956a709e666edf375e189468c6e417e10ff7976c1b9fa7cd912e9f34235a23d13f4e0a0b389ef2d4ec57a
- SSDEEP
  
  49152:PNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkU:lEhFvqXjbqoJQCG
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2