d508eebaa8bf7cf2592b0355d3f11abf871ba1156919055e06f3c7e52246a9c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d508eebaa8bf7cf2592b0355d3f11abf871ba1156919055e06f3c7e52246a9c8
Size

2.8MB
Sample

240701-y51mqaxelg
MD5

5fde9d0c604f3f9d8f0bb79dcccf461d
SHA1

b6b95a97c37c6e282c8d5218398240c4320f4230
SHA256

d508eebaa8bf7cf2592b0355d3f11abf871ba1156919055e06f3c7e52246a9c8
SHA512

559c7eee8a4a2a3555c76a2daf89633d00f6fe3a641fe61c0040c2ef65e1dfa598f718e20701a22a0bc3b55da214cc0a032b842ac3b6b2974c7786cfb3a6e8b1
SSDEEP

49152:l6gLKJuMarhVnMFwTH8/giBiBcbk4ZxZ2DqFeVMhuxcPh:4d1XdhBiiMa7

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  d508eebaa8bf7cf2592b0355d3f11abf871ba1156919055e06f3c7e52246a9c8
- Size
  
  2.8MB
- MD5
  
  5fde9d0c604f3f9d8f0bb79dcccf461d
- SHA1
  
  b6b95a97c37c6e282c8d5218398240c4320f4230
- SHA256
  
  d508eebaa8bf7cf2592b0355d3f11abf871ba1156919055e06f3c7e52246a9c8
- SHA512
  
  559c7eee8a4a2a3555c76a2daf89633d00f6fe3a641fe61c0040c2ef65e1dfa598f718e20701a22a0bc3b55da214cc0a032b842ac3b6b2974c7786cfb3a6e8b1
- SSDEEP
  
  49152:l6gLKJuMarhVnMFwTH8/giBiBcbk4ZxZ2DqFeVMhuxcPh:4d1XdhBiiMa7
Score

7^/10

spyware stealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2