ab4608a62ee259ccfc98bd3a41241f09d6012ab20505eb6d83a48ae3335e986c | Triage

Sharing

General

Target

2024-08-05_65889163527f56db079869d8ddbe66a7_cobalt-strike_ryuk
Size

1.8MB
Sample

240805-s6681a1ajn
MD5

65889163527f56db079869d8ddbe66a7
SHA1

f7b749f344959f69cfbdcfab8c5840dff9b2ea6d
SHA256

ab4608a62ee259ccfc98bd3a41241f09d6012ab20505eb6d83a48ae3335e986c
SHA512

0ccc11f6cef1a3dd7467cf9db981253aa7259a645c07dbacdb35eb89582f4a434119f45b626f60399e4f62c708dd00c558a6e8909d3ef48bb20e18e4ebf32490
SSDEEP

24576:ofxbo3qZCHTAFamG2DehUH4th15lYT3+Osf/lJjJScih8Qjt69:ofxbKeYAFaRmummT5lb9f/lp0ph5t6

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-08-05_65889163527f56db079869d8ddbe66a7_cobalt-strike_ryuk
- Size
  
  1.8MB
- MD5
  
  65889163527f56db079869d8ddbe66a7
- SHA1
  
  f7b749f344959f69cfbdcfab8c5840dff9b2ea6d
- SHA256
  
  ab4608a62ee259ccfc98bd3a41241f09d6012ab20505eb6d83a48ae3335e986c
- SHA512
  
  0ccc11f6cef1a3dd7467cf9db981253aa7259a645c07dbacdb35eb89582f4a434119f45b626f60399e4f62c708dd00c558a6e8909d3ef48bb20e18e4ebf32490
- SSDEEP
  
  24576:ofxbo3qZCHTAFamG2DehUH4th15lYT3+Osf/lJjJScih8Qjt69:ofxbKeYAFaRmummT5lb9f/lp0ph5t6
Score

7^/10

spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1