22af164efc6a1da4a297732fbb3c906422f42eb6aa4ba44fac8645c70578ee04 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22af164efc6a1da4a297732fbb3c906422f42eb6aa4ba44fac8645c70578ee04
Size

17KB
Sample

240705-enqlmsscml
MD5

1c16ddcf284e3a89058205fe68188185
SHA1

3012cd279bf56f7fc0c2c356caa00b063b530609
SHA256

22af164efc6a1da4a297732fbb3c906422f42eb6aa4ba44fac8645c70578ee04
SHA512

f2366ca5c97d658bc60f385e0208c2c60ebad0dbd033774e183e5238805569319e1f0c0172c7ac18a86aa46d04cafc40a860bf163ccd4f849b46d8aae393f47e
SSDEEP

384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/bKOQ:IMAQ+BzWPEwnE+KHM2/mT

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  22af164efc6a1da4a297732fbb3c906422f42eb6aa4ba44fac8645c70578ee04
- Size
  
  17KB
- MD5
  
  1c16ddcf284e3a89058205fe68188185
- SHA1
  
  3012cd279bf56f7fc0c2c356caa00b063b530609
- SHA256
  
  22af164efc6a1da4a297732fbb3c906422f42eb6aa4ba44fac8645c70578ee04
- SHA512
  
  f2366ca5c97d658bc60f385e0208c2c60ebad0dbd033774e183e5238805569319e1f0c0172c7ac18a86aa46d04cafc40a860bf163ccd4f849b46d8aae393f47e
- SSDEEP
  
  384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/bKOQ:IMAQ+BzWPEwnE+KHM2/mT
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer