f9330e1c37c7e2d39df612205c0171fdb60b61eef5e7c8bf79cc9893f79c8620 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-22_27b8a58d89c159bc127d75f3dfc0b763_bkransomware
Size

76KB
Sample

240722-3byy9avdkp
MD5

27b8a58d89c159bc127d75f3dfc0b763
SHA1

970c0d4f48d3bb58764d354787b6dafe334afb7c
SHA256

f9330e1c37c7e2d39df612205c0171fdb60b61eef5e7c8bf79cc9893f79c8620
SHA512

c70e6a3305e249ec2b7abb93f291e5d61b1272aa6fafad4107afd02b155ed6daf2e9060f83c045cdfd03d4c22abf1cf4ba8587a6cf4d5d19577e8004341bc7cc
SSDEEP

1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTMx:ZhpAyazIlyazTe

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  2024-07-22_27b8a58d89c159bc127d75f3dfc0b763_bkransomware
- Size
  
  76KB
- MD5
  
  27b8a58d89c159bc127d75f3dfc0b763
- SHA1
  
  970c0d4f48d3bb58764d354787b6dafe334afb7c
- SHA256
  
  f9330e1c37c7e2d39df612205c0171fdb60b61eef5e7c8bf79cc9893f79c8620
- SHA512
  
  c70e6a3305e249ec2b7abb93f291e5d61b1272aa6fafad4107afd02b155ed6daf2e9060f83c045cdfd03d4c22abf1cf4ba8587a6cf4d5d19577e8004341bc7cc
- SSDEEP
  
  1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTMx:ZhpAyazIlyazTe
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer