632a93c0aa21835c559c8ab3f37235cec56af61719cbb37e115ecd822bcfdbb3 | Triage

Sharing

General

Target

f303074b9e3f955524c3b47d7eb0bb70N.exe
Size

920KB
Sample

240720-v5cn4swejj
MD5

f303074b9e3f955524c3b47d7eb0bb70
SHA1

9ded5078c914a3d617237d3c7178aed75b16af04
SHA256

632a93c0aa21835c559c8ab3f37235cec56af61719cbb37e115ecd822bcfdbb3
SHA512

290601268fddc17d0706a1774db08d959e997634fd18bc06e4175854dd0a268b662a5b5b31d7633e3d3fb695bbcefb204aec35bf9fa02ad55b15f1ce609d6ed1
SSDEEP

24576:2wORH9uFgGf2w6qOkZOrHKhKq0pvhljvilP5cz:h6uFFf26dAk0pvhlvilPyz

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  f303074b9e3f955524c3b47d7eb0bb70N.exe
- Size
  
  920KB
- MD5
  
  f303074b9e3f955524c3b47d7eb0bb70
- SHA1
  
  9ded5078c914a3d617237d3c7178aed75b16af04
- SHA256
  
  632a93c0aa21835c559c8ab3f37235cec56af61719cbb37e115ecd822bcfdbb3
- SHA512
  
  290601268fddc17d0706a1774db08d959e997634fd18bc06e4175854dd0a268b662a5b5b31d7633e3d3fb695bbcefb204aec35bf9fa02ad55b15f1ce609d6ed1
- SSDEEP
  
  24576:2wORH9uFgGf2w6qOkZOrHKhKq0pvhljvilP5cz:h6uFFf26dAk0pvhlvilPyz
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer