56b91b2f5cfbf42f2c692c14caec6995ca949fcd1b8b9c29e41a0c58d53ff8c3 | Triage

Sharing

General

Target

56b91b2f5cfbf42f2c692c14caec6995ca949fcd1b8b9c29e41a0c58d53ff8c3
Size

740KB
Sample

240628-1p3hgsshpd
MD5

1d88522437dd253f814c0e38b43e59a9
SHA1

3532dfbffe38f2040190e48ea50a12b92608b373
SHA256

56b91b2f5cfbf42f2c692c14caec6995ca949fcd1b8b9c29e41a0c58d53ff8c3
SHA512

a90da2733864589913fd9b8c373cbad622b9c1e32c4934a55524b4f0aaffcf5d52db8e35213dd07727803d2eed810755cb1c1c8124dcd4e542a09a63a6462c44
SSDEEP

12288:ZNzi9BdK1JQJ73VUbNgFfUKub5p3ziodPpXNmp+zlh+WxisDz6jkcGadiHhLBP7h:QdbJjVQOFsHL5pXNKFNcz6vWLBzlz

Score

10^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  56b91b2f5cfbf42f2c692c14caec6995ca949fcd1b8b9c29e41a0c58d53ff8c3
- Size
  
  740KB
- MD5
  
  1d88522437dd253f814c0e38b43e59a9
- SHA1
  
  3532dfbffe38f2040190e48ea50a12b92608b373
- SHA256
  
  56b91b2f5cfbf42f2c692c14caec6995ca949fcd1b8b9c29e41a0c58d53ff8c3
- SHA512
  
  a90da2733864589913fd9b8c373cbad622b9c1e32c4934a55524b4f0aaffcf5d52db8e35213dd07727803d2eed810755cb1c1c8124dcd4e542a09a63a6462c44
- SSDEEP
  
  12288:ZNzi9BdK1JQJ73VUbNgFfUKub5p3ziodPpXNmp+zlh+WxisDz6jkcGadiHhLBP7h:QdbJjVQOFsHL5pXNKFNcz6vWLBzlz
Score

9^/10

persistence spyware stealer
- Detects executables containing possible sandbox analysis VM usernames
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer