e197e681b996043da9348f3f06f137f3c2202546ec4217a5b53823ae12b5c823 | Triage

Sharing

General

Target

e197e681b996043da9348f3f06f137f3c2202546ec4217a5b53823ae12b5c823
Size

2.0MB
Sample

240627-3fa3zs1ark
MD5

4606ce909104b8dd7ad572c12f9d0179
SHA1

37e51eb9186c17b3b9fd7478657c4472f1d67ed1
SHA256

e197e681b996043da9348f3f06f137f3c2202546ec4217a5b53823ae12b5c823
SHA512

34c3c286a2b6912e6446058f1bc021ae0a399665415dd0216526b729a0c2775ed27cfc5b5b47e514624c973d2816c73ece70868200353230dc6eae13f6bd43ac
SSDEEP

49152:aNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkw:gEhFvqXjbqoJQCK

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  e197e681b996043da9348f3f06f137f3c2202546ec4217a5b53823ae12b5c823
- Size
  
  2.0MB
- MD5
  
  4606ce909104b8dd7ad572c12f9d0179
- SHA1
  
  37e51eb9186c17b3b9fd7478657c4472f1d67ed1
- SHA256
  
  e197e681b996043da9348f3f06f137f3c2202546ec4217a5b53823ae12b5c823
- SHA512
  
  34c3c286a2b6912e6446058f1bc021ae0a399665415dd0216526b729a0c2775ed27cfc5b5b47e514624c973d2816c73ece70868200353230dc6eae13f6bd43ac
- SSDEEP
  
  49152:aNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkw:gEhFvqXjbqoJQCK
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2