95eea0009ecd7edd6f5dcad51bcbc0bf909b0850c73b807dfd937c6357ae4ab6 | Triage

Sharing

General

Target

95eea0009ecd7edd6f5dcad51bcbc0bf909b0850c73b807dfd937c6357ae4ab6
Size

97KB
Sample

240722-rq482ashjq
MD5

16c80b6f575597f508be71a22bd6d213
SHA1

c3870d87a2d6d288cd29ef411188da19caae9cad
SHA256

95eea0009ecd7edd6f5dcad51bcbc0bf909b0850c73b807dfd937c6357ae4ab6
SHA512

18ccad09245e0e4e6172fd6aec6eaf8a84ee0e8629a00eb05d8513a8244ca0ec49a455a9c0c770f45395ea608a9ce3a97dce29b36b6710b371c4cc813d497a58
SSDEEP

1536:eFcx1ae9n40g9i/qo6SKHXf88qP2CsRdxgwGGCIOunToIfiWdN:eFfZQioJK3f8l2CHRGgKTBfik

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  95eea0009ecd7edd6f5dcad51bcbc0bf909b0850c73b807dfd937c6357ae4ab6
- Size
  
  97KB
- MD5
  
  16c80b6f575597f508be71a22bd6d213
- SHA1
  
  c3870d87a2d6d288cd29ef411188da19caae9cad
- SHA256
  
  95eea0009ecd7edd6f5dcad51bcbc0bf909b0850c73b807dfd937c6357ae4ab6
- SHA512
  
  18ccad09245e0e4e6172fd6aec6eaf8a84ee0e8629a00eb05d8513a8244ca0ec49a455a9c0c770f45395ea608a9ce3a97dce29b36b6710b371c4cc813d497a58
- SSDEEP
  
  1536:eFcx1ae9n40g9i/qo6SKHXf88qP2CsRdxgwGGCIOunToIfiWdN:eFfZQioJK3f8l2CHRGgKTBfik
Score

7^/10

spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2