b993fe09adf88c701f120c2d78f4833e0d7360c048cf573f93e5bb161f431071 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06cb59f0a8c85081f67a6ce034c18f40N.exe
Size

3.0MB
Sample

240711-zdtkrsshlj
MD5

06cb59f0a8c85081f67a6ce034c18f40
SHA1

13c10d40c078772e5dec268ca31322234ae9ffd8
SHA256

b993fe09adf88c701f120c2d78f4833e0d7360c048cf573f93e5bb161f431071
SHA512

11fab86b6d5e63ee35388756f2f0399212c18babb3f723cfcfcf3ce4b479b45a3c73bd72ba8a8bc829e4f9430629d2dbdff595f344c93d96a61b39225dfa17b2
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB7B/bSqz8:sxX7QnxrloE5dpUpMbVz8

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  06cb59f0a8c85081f67a6ce034c18f40N.exe
- Size
  
  3.0MB
- MD5
  
  06cb59f0a8c85081f67a6ce034c18f40
- SHA1
  
  13c10d40c078772e5dec268ca31322234ae9ffd8
- SHA256
  
  b993fe09adf88c701f120c2d78f4833e0d7360c048cf573f93e5bb161f431071
- SHA512
  
  11fab86b6d5e63ee35388756f2f0399212c18babb3f723cfcfcf3ce4b479b45a3c73bd72ba8a8bc829e4f9430629d2dbdff595f344c93d96a61b39225dfa17b2
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB7B/bSqz8:sxX7QnxrloE5dpUpMbVz8
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer