f763cff91e19384e38630341fff630f41600c5f89f5651e08fdfb1b9af4c5638 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7b3916878cd4ae1ae8d238efde24390N.exe
Size

2.6MB
Sample

240726-j26bgawcrm
MD5

a7b3916878cd4ae1ae8d238efde24390
SHA1

e4a85886892c69c30571ab2ba101a0c7e9bb2504
SHA256

f763cff91e19384e38630341fff630f41600c5f89f5651e08fdfb1b9af4c5638
SHA512

7f0731090a06da38e99a02782412a956bb4e8898a2618aea65611943e9fa1a823f28d36a527586a7e6e09de7ce1455810350f313c3376b983f4224a7e0a5e6e3
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBkB/bS:sxX7QnxrloE5dpUpXb

Score

9^/10

credential_access discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  a7b3916878cd4ae1ae8d238efde24390N.exe
- Size
  
  2.6MB
- MD5
  
  a7b3916878cd4ae1ae8d238efde24390
- SHA1
  
  e4a85886892c69c30571ab2ba101a0c7e9bb2504
- SHA256
  
  f763cff91e19384e38630341fff630f41600c5f89f5651e08fdfb1b9af4c5638
- SHA512
  
  7f0731090a06da38e99a02782412a956bb4e8898a2618aea65611943e9fa1a823f28d36a527586a7e6e09de7ce1455810350f313c3376b983f4224a7e0a5e6e3
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBkB/bS:sxX7QnxrloE5dpUpXb
Score

9^/10

credential_access discovery persistence spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencespywarestealer

behavioral2

credential_accessdiscoverypersistencespywarestealer