aac190af5ea113090c3089cdee31da527f12137f0f9c4f1f973ad5d6e9a255cb | Triage

Sharing

General

Target

2024-07-04_0fa2da416e2718b89707f0ec9186b975_bkransomware
Size

257KB
Sample

240704-xebp8sshqj
MD5

0fa2da416e2718b89707f0ec9186b975
SHA1

27237b93aed2ba69a467fe88f8a4342249fd45ca
SHA256

aac190af5ea113090c3089cdee31da527f12137f0f9c4f1f973ad5d6e9a255cb
SHA512

b985b00c5973fff26b65ec972e955cc3daa7af289959233049785a256409030f9eca7dd9530df7f227a78bd1a7709a6d713b31ea4ae636c4867a723f09a7c44b
SSDEEP

6144:hZMazkQpioQbhckVQ4MX7Op/J10iUfHui+:hS0p0ogHMLOt0iD

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-07-04_0fa2da416e2718b89707f0ec9186b975_bkransomware
- Size
  
  257KB
- MD5
  
  0fa2da416e2718b89707f0ec9186b975
- SHA1
  
  27237b93aed2ba69a467fe88f8a4342249fd45ca
- SHA256
  
  aac190af5ea113090c3089cdee31da527f12137f0f9c4f1f973ad5d6e9a255cb
- SHA512
  
  b985b00c5973fff26b65ec972e955cc3daa7af289959233049785a256409030f9eca7dd9530df7f227a78bd1a7709a6d713b31ea4ae636c4867a723f09a7c44b
- SSDEEP
  
  6144:hZMazkQpioQbhckVQ4MX7Op/J10iUfHui+:hS0p0ogHMLOt0iD
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer