4c4f28c452f32993128e253e954336de291608e36a56a70ae2eac269dcbc1a54 | Triage

Sharing

General

Target

file_1bd3c25e328347f38f5c497e0700c525_2024-07-23_14_15_12_704000.zip
Size

243KB
Sample

240723-rk5bvaxcld
MD5

e7041309f5464ca2543ee6c7b3522392
SHA1

33ae6a862433f5eebcd3da44fdf4f7e244d5d242
SHA256

4c4f28c452f32993128e253e954336de291608e36a56a70ae2eac269dcbc1a54
SHA512

a81c99727e6de92838c5a37c1ae43462b9f8cac4cb53395f2ba51ae08ec7e604091daa7ed4b25ae6c81e2dfe29f5c5bd9062be27978b71a0822d903965037b5a
SSDEEP

3072:n7E1jznnhIWIF8bUO+U18KXUoeYu3wkz1KDngcAZzg80dPvkYrxNtqY05amSy/gc:wBnZTUiEfX5KDyg8mkYrxN9053Sy/Vx/

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  entry001/FILE0039.CHK
- Size
  
  1.5MB
- MD5
  
  15aee466f47357a6f92385c57e050730
- SHA1
  
  e42caaab64dda15a44c854c1733614c2a58fa371
- SHA256
  
  ac0528667e7cf1e1bd877e66e1dc0451c3e830229baa5120bce7f7ce6e5bd921
- SHA512
  
  1cf3936e3de41029335380606ca2fb1cf03f63fff09e6feead7cc2c2f142887d9fd66d728e62df4781bf723351ca00b7e060a003a386ccb307333d03b30f10a4
- SSDEEP
  
  6144:6afsiuvAQ+tTm6cyERSiytj71cWE4jKS6vwnhB9Y5EwAQVAyhV:XCvAQ+q6ctRt636WfjO4hB9Y5EwAQV/
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer