16605d3c20dfda31d67f33bc58edb61db93f6b03ad834368ea4f12a563641865 | Triage

Sharing

General

Target

135b5d1a525c6cc808b6ff25f7e7d420.bin
Size

4.0MB
Sample

240719-bljtjawblk
MD5

135b5d1a525c6cc808b6ff25f7e7d420
SHA1

4f1680212850f213f5e89821ae2da2eed44efb71
SHA256

16605d3c20dfda31d67f33bc58edb61db93f6b03ad834368ea4f12a563641865
SHA512

ed2668b753edb3bb057d4e8ccc2ee1bcb8f853ba8a196d3ba360fcda6cea4b6abf7f9637e55e2e3313d58f5e440a5c8c40d9e61864ec7e828cde2c4ecdb14175
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBQB/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUpjbVz8eLFcz

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  135b5d1a525c6cc808b6ff25f7e7d420.bin
- Size
  
  4.0MB
- MD5
  
  135b5d1a525c6cc808b6ff25f7e7d420
- SHA1
  
  4f1680212850f213f5e89821ae2da2eed44efb71
- SHA256
  
  16605d3c20dfda31d67f33bc58edb61db93f6b03ad834368ea4f12a563641865
- SHA512
  
  ed2668b753edb3bb057d4e8ccc2ee1bcb8f853ba8a196d3ba360fcda6cea4b6abf7f9637e55e2e3313d58f5e440a5c8c40d9e61864ec7e828cde2c4ecdb14175
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBQB/bSqz8b6LNXJqI20t:sxX7QnxrloE5dpUpjbVz8eLFcz
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer