f0e567d0ce8f4fffd60612d0e9292df4bd879bacee10122aaa7ad80cd8004909 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0e567d0ce8f4fffd60612d0e9292df4bd879bacee10122aaa7ad80cd8004909
Size

70KB
Sample

240709-k36t3ayekg
MD5

ef391aab778930d221099b0b1bd87768
SHA1

8c7ce224f789fb8c0913c6edf2ec148f81606748
SHA256

f0e567d0ce8f4fffd60612d0e9292df4bd879bacee10122aaa7ad80cd8004909
SHA512

822f30e77c3877fdfea4616e72c19a65b5533cce1fc16c6785e5bafd0fce812b8d496e84578cc65e2ba780581b29083d422882464b3abb77c7e6eb3917a1f06a
SSDEEP

1536:e8cx1ae9n40g9i/qo6SKHQriw+d9bHrkT5gUHz7FxtJ:e8fZQioJKwrBkfkT5xHzD

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  f0e567d0ce8f4fffd60612d0e9292df4bd879bacee10122aaa7ad80cd8004909
- Size
  
  70KB
- MD5
  
  ef391aab778930d221099b0b1bd87768
- SHA1
  
  8c7ce224f789fb8c0913c6edf2ec148f81606748
- SHA256
  
  f0e567d0ce8f4fffd60612d0e9292df4bd879bacee10122aaa7ad80cd8004909
- SHA512
  
  822f30e77c3877fdfea4616e72c19a65b5533cce1fc16c6785e5bafd0fce812b8d496e84578cc65e2ba780581b29083d422882464b3abb77c7e6eb3917a1f06a
- SSDEEP
  
  1536:e8cx1ae9n40g9i/qo6SKHQriw+d9bHrkT5gUHz7FxtJ:e8fZQioJKwrBkfkT5xHzD
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2