ac32ab8e27571a62340623d49abf9147b3c6b1343f15cb7adcacb5e9022e0202 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac32ab8e27571a62340623d49abf9147b3c6b1343f15cb7adcacb5e9022e0202
Size

393KB
Sample

240719-znsq8ayhjj
MD5

ae9b99cdaeea160df3d5cc35afb32b07
SHA1

e73f961c0e67aea82f6cc61758bd39558436b063
SHA256

ac32ab8e27571a62340623d49abf9147b3c6b1343f15cb7adcacb5e9022e0202
SHA512

3a37dac9aedc6744b44ec0181dfc29c0aa9090e83775a466cd195720475c3b08f7389c64418531cfe2feefee5f36a2ce58e2d04b74652da0f8570c7d46e04003
SSDEEP

6144:T+aX36VP2zPVz7jUBs8hqcBCi6dbfra4erJlt9A+xX1oOAisEIWmGeNkfGuYF1mx:T+aPahVy41

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  ac32ab8e27571a62340623d49abf9147b3c6b1343f15cb7adcacb5e9022e0202
- Size
  
  393KB
- MD5
  
  ae9b99cdaeea160df3d5cc35afb32b07
- SHA1
  
  e73f961c0e67aea82f6cc61758bd39558436b063
- SHA256
  
  ac32ab8e27571a62340623d49abf9147b3c6b1343f15cb7adcacb5e9022e0202
- SHA512
  
  3a37dac9aedc6744b44ec0181dfc29c0aa9090e83775a466cd195720475c3b08f7389c64418531cfe2feefee5f36a2ce58e2d04b74652da0f8570c7d46e04003
- SSDEEP
  
  6144:T+aX36VP2zPVz7jUBs8hqcBCi6dbfra4erJlt9A+xX1oOAisEIWmGeNkfGuYF1mx:T+aPahVy41
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2