0861b0747659b1bcbe5bf3d6aebfd4f2d4e2b662ca20860b0b7c03e3df49fe5c | Triage

Sharing

General

Target

2024-07-05_627768258c369bc78d7eea4b3f1a4a49_ryuk
Size

1.8MB
Sample

240705-le8t7aycmb
MD5

627768258c369bc78d7eea4b3f1a4a49
SHA1

d1baa66ec385e96d435e4927cdbf3b4948e6f1ff
SHA256

0861b0747659b1bcbe5bf3d6aebfd4f2d4e2b662ca20860b0b7c03e3df49fe5c
SHA512

6696c65451dfac12a79b55bca679e1a58db8fe5a449283177ff1cd5250bbf442e98739eed0ab66df625b40f55fd7241c2f0045b55c881bef5e4749a4ce36e008
SSDEEP

49152:oKfuPS3ELNjV7SZxEfOflgwf0ZgFIDRRAubt5M:fm9OZxjguUf

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-07-05_627768258c369bc78d7eea4b3f1a4a49_ryuk
- Size
  
  1.8MB
- MD5
  
  627768258c369bc78d7eea4b3f1a4a49
- SHA1
  
  d1baa66ec385e96d435e4927cdbf3b4948e6f1ff
- SHA256
  
  0861b0747659b1bcbe5bf3d6aebfd4f2d4e2b662ca20860b0b7c03e3df49fe5c
- SHA512
  
  6696c65451dfac12a79b55bca679e1a58db8fe5a449283177ff1cd5250bbf442e98739eed0ab66df625b40f55fd7241c2f0045b55c881bef5e4749a4ce36e008
- SSDEEP
  
  49152:oKfuPS3ELNjV7SZxEfOflgwf0ZgFIDRRAubt5M:fm9OZxjguUf
Score

7^/10

spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2