71ed5e79986a833f4dc0776ef64d2f4157615e0e26a922240798b6b737daa645 | Triage

Sharing

General

Target

e87a2faf694769e59603c5cbd0e14340N.exe
Size

2.6MB
Sample

240721-ttbr1avfme
MD5

e87a2faf694769e59603c5cbd0e14340
SHA1

24d309c1ff1711ae1e2349f949e8ae69d088f49b
SHA256

71ed5e79986a833f4dc0776ef64d2f4157615e0e26a922240798b6b737daa645
SHA512

d238c0f8eee7c304c74e21cf5f9cc216f7f30ae8b186e8799a28ba9bd3b157d623b64686e9eb5dc3c3616fb9172e9b37afbf46739c10e59ea76554bc7ead14ce
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBVB/bS:sxX7QnxrloE5dpUpGb

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  e87a2faf694769e59603c5cbd0e14340N.exe
- Size
  
  2.6MB
- MD5
  
  e87a2faf694769e59603c5cbd0e14340
- SHA1
  
  24d309c1ff1711ae1e2349f949e8ae69d088f49b
- SHA256
  
  71ed5e79986a833f4dc0776ef64d2f4157615e0e26a922240798b6b737daa645
- SHA512
  
  d238c0f8eee7c304c74e21cf5f9cc216f7f30ae8b186e8799a28ba9bd3b157d623b64686e9eb5dc3c3616fb9172e9b37afbf46739c10e59ea76554bc7ead14ce
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBVB/bS:sxX7QnxrloE5dpUpGb
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer