12daa34111bb54b3dcbad42305663e44e7e6c3842f015cccbbe6564d9dfd3ea3 | Triage

Sharing

General

Target

Superstar_MemberCard.tiff.exe
Size

40KB
Sample

240711-yjw3eatela
MD5

ace3e42d95e5b9d0744763bde9888069
SHA1

6236f6f30e1cd180d3f9bd1d48ea4cccdfc2a806
SHA256

12daa34111bb54b3dcbad42305663e44e7e6c3842f015cccbbe6564d9dfd3ea3
SHA512

5c17eb87d60794be010e50c8cb62dc72bcfcfae15c5b79d39f1fca769acf82dce8eafe807a9a9bf00c9ecdbd5d7383fca7fa344e76373e22bd6de545501e68e2
SSDEEP

768:ZCIFqGveQJUJtVeD3sl/Qq9QSucEQ0xIlBcVpXbOfq19kQa1:ZC4qGveQJ93sl/Qq9QSucEQ0xIlBubOV

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  Superstar_MemberCard.tiff.exe
- Size
  
  40KB
- MD5
  
  ace3e42d95e5b9d0744763bde9888069
- SHA1
  
  6236f6f30e1cd180d3f9bd1d48ea4cccdfc2a806
- SHA256
  
  12daa34111bb54b3dcbad42305663e44e7e6c3842f015cccbbe6564d9dfd3ea3
- SHA512
  
  5c17eb87d60794be010e50c8cb62dc72bcfcfae15c5b79d39f1fca769acf82dce8eafe807a9a9bf00c9ecdbd5d7383fca7fa344e76373e22bd6de545501e68e2
- SSDEEP
  
  768:ZCIFqGveQJUJtVeD3sl/Qq9QSucEQ0xIlBcVpXbOfq19kQa1:ZC4qGveQJ93sl/Qq9QSucEQ0xIlBubOV
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2