66ad63b45c3cfca02427911cf3906c225df63f69c7c2ae66dbdb68b17efc7d49 | Triage

Sharing

General

Target

66ad63b45c3cfca02427911cf3906c225df63f69c7c2ae66dbdb68b17efc7d49
Size

717KB
Sample

240709-k9qresygmb
MD5

9c6ae8c00740982ed95dd11ae927a006
SHA1

5ac953d7cee7e348f4a8d530771e74a8292f4f49
SHA256

66ad63b45c3cfca02427911cf3906c225df63f69c7c2ae66dbdb68b17efc7d49
SHA512

badec1228b340336ef203ab26ff9b083c5530c328b1f6fafb1fdece0d2b3908de1dff0c8d898c76730249ed13c7d0762a61923258a863a3d7cc3c49faffd53c2
SSDEEP

12288:3LfC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:37LOS2opPIXV

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  66ad63b45c3cfca02427911cf3906c225df63f69c7c2ae66dbdb68b17efc7d49
- Size
  
  717KB
- MD5
  
  9c6ae8c00740982ed95dd11ae927a006
- SHA1
  
  5ac953d7cee7e348f4a8d530771e74a8292f4f49
- SHA256
  
  66ad63b45c3cfca02427911cf3906c225df63f69c7c2ae66dbdb68b17efc7d49
- SHA512
  
  badec1228b340336ef203ab26ff9b083c5530c328b1f6fafb1fdece0d2b3908de1dff0c8d898c76730249ed13c7d0762a61923258a863a3d7cc3c49faffd53c2
- SSDEEP
  
  12288:3LfC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:37LOS2opPIXV
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2