9f3527471f241bbaf25c09b0aaaf6bbbe42a768e3d6dc2611ad99b4c64775705 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-09_8b4a17138f7eb1975175d80da23c0a64_bkransomware
Size

71KB
Sample

240709-nxkw7athmh
MD5

8b4a17138f7eb1975175d80da23c0a64
SHA1

bc6716d1776c32dbd61fe8c00e655b29840fe2d8
SHA256

9f3527471f241bbaf25c09b0aaaf6bbbe42a768e3d6dc2611ad99b4c64775705
SHA512

fa10a51351c93f3b451958725e5fa14b87bf9f7691cf958b3b1eae24fd16f5db2f5b67a116ef0aad4ca95f12d9f29d191e24bfb15c61b0cf65d0b12a55c84f05
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTn:ZhpAyazIlyazTn

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-07-09_8b4a17138f7eb1975175d80da23c0a64_bkransomware
- Size
  
  71KB
- MD5
  
  8b4a17138f7eb1975175d80da23c0a64
- SHA1
  
  bc6716d1776c32dbd61fe8c00e655b29840fe2d8
- SHA256
  
  9f3527471f241bbaf25c09b0aaaf6bbbe42a768e3d6dc2611ad99b4c64775705
- SHA512
  
  fa10a51351c93f3b451958725e5fa14b87bf9f7691cf958b3b1eae24fd16f5db2f5b67a116ef0aad4ca95f12d9f29d191e24bfb15c61b0cf65d0b12a55c84f05
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTn:ZhpAyazIlyazTn
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer