d08096981e20fba2cd1a346e114015acc2a25c068964f603b9e65ac3fbd3a9d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-06_feea170df2be30541215c5226cfdb8c6_bkransomware
Size

76KB
Sample

240706-jcmg3atare
MD5

feea170df2be30541215c5226cfdb8c6
SHA1

9b31f893cade5c819db195d398b4d039b1d5188f
SHA256

d08096981e20fba2cd1a346e114015acc2a25c068964f603b9e65ac3fbd3a9d9
SHA512

490ed801d8bae3408e13bbdb136350646a90676af01ef61aee33197e45aa0043bf3e51b975ecdbb2a9a58a73c892cc9a7fbb592f6703b90e95356376a93a8785
SSDEEP

1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTToGB/:ZRpAyazIliazT0c/

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-07-06_feea170df2be30541215c5226cfdb8c6_bkransomware
- Size
  
  76KB
- MD5
  
  feea170df2be30541215c5226cfdb8c6
- SHA1
  
  9b31f893cade5c819db195d398b4d039b1d5188f
- SHA256
  
  d08096981e20fba2cd1a346e114015acc2a25c068964f603b9e65ac3fbd3a9d9
- SHA512
  
  490ed801d8bae3408e13bbdb136350646a90676af01ef61aee33197e45aa0043bf3e51b975ecdbb2a9a58a73c892cc9a7fbb592f6703b90e95356376a93a8785
- SSDEEP
  
  1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTToGB/:ZRpAyazIliazT0c/
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer