ec98ae75569622f420f765226773ff68e2b577980ded961c4c8e7f3634095939 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec98ae75569622f420f765226773ff68e2b577980ded961c4c8e7f3634095939
Size

2.0MB
Sample

240627-3g1p2a1cjq
MD5

75fd9da5280268f2749ff473cd0c9ef5
SHA1

42da32ac58bc583b8e9ad51eb9d2d85864e0b551
SHA256

ec98ae75569622f420f765226773ff68e2b577980ded961c4c8e7f3634095939
SHA512

1c1f41d1ee594801bd9de5ad7052e1c40d75024ed48558f1acf808166049e54b63db1042e9b5c174e26f8c5cc82b3701275f58f9f90133d62be52ad35ee78f65
SSDEEP

49152:YNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkr:mEhFvqXjbqoJQCV

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  ec98ae75569622f420f765226773ff68e2b577980ded961c4c8e7f3634095939
- Size
  
  2.0MB
- MD5
  
  75fd9da5280268f2749ff473cd0c9ef5
- SHA1
  
  42da32ac58bc583b8e9ad51eb9d2d85864e0b551
- SHA256
  
  ec98ae75569622f420f765226773ff68e2b577980ded961c4c8e7f3634095939
- SHA512
  
  1c1f41d1ee594801bd9de5ad7052e1c40d75024ed48558f1acf808166049e54b63db1042e9b5c174e26f8c5cc82b3701275f58f9f90133d62be52ad35ee78f65
- SSDEEP
  
  49152:YNEyY80FNFPy4tGmml/0947g+b9W7m6S/sbs0wQ22qPAoFmkr:mEhFvqXjbqoJQCV
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2