31cd90d982c494e1f05ac4383b169718b60090b61a669582383817c28963ec08 | Triage

Sharing

General

Target

2024-06-27_5c360a29cb295230d637d85f03b0674d_bkransomware
Size

71KB
Sample

240627-y6q5ns1enl
MD5

5c360a29cb295230d637d85f03b0674d
SHA1

50d518b2f0bd64a7b555b36041e9e9774fa8cb04
SHA256

31cd90d982c494e1f05ac4383b169718b60090b61a669582383817c28963ec08
SHA512

a963eca8f1194beef7219f146c8a4d65d64ea4b989ea09ed8320ff15e8b847ef8c2d88543a7f6597b94bfc75714231fd8c389671a3df8f8b9e914d7c6990f767
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTwH:ZhpAyazIlyazTM

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-06-27_5c360a29cb295230d637d85f03b0674d_bkransomware
- Size
  
  71KB
- MD5
  
  5c360a29cb295230d637d85f03b0674d
- SHA1
  
  50d518b2f0bd64a7b555b36041e9e9774fa8cb04
- SHA256
  
  31cd90d982c494e1f05ac4383b169718b60090b61a669582383817c28963ec08
- SHA512
  
  a963eca8f1194beef7219f146c8a4d65d64ea4b989ea09ed8320ff15e8b847ef8c2d88543a7f6597b94bfc75714231fd8c389671a3df8f8b9e914d7c6990f767
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTwH:ZhpAyazIlyazTM
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer