ecdc8ca79cbc5d4e2f8ab1ddc00dbfe193b75b9206ea5d74e3a44b51754c33cb | Triage

Sharing

General

Target

83462c00333b20021fbb408da39ca430N.exe
Size

159KB
Sample

240817-gj6s6stclr
MD5

83462c00333b20021fbb408da39ca430
SHA1

71a7255f72440bdc88e8da73540ec411761f02bb
SHA256

ecdc8ca79cbc5d4e2f8ab1ddc00dbfe193b75b9206ea5d74e3a44b51754c33cb
SHA512

1d215a568c07164e3e12bc52eb08937e5ef760ac0ab1da2c06048253744c67f2f478dca163bdba0d77d9bc26072ec3dd589728db92aa46e9149343e35969b2b9
SSDEEP

3072:9jh85+KsoQLHMoZDcLwdM8a5Dpv+P02T/y2IvGWdd5yAcK:9jhw+7RF+IML/vi02T/y2IPEAf

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  83462c00333b20021fbb408da39ca430N.exe
- Size
  
  159KB
- MD5
  
  83462c00333b20021fbb408da39ca430
- SHA1
  
  71a7255f72440bdc88e8da73540ec411761f02bb
- SHA256
  
  ecdc8ca79cbc5d4e2f8ab1ddc00dbfe193b75b9206ea5d74e3a44b51754c33cb
- SHA512
  
  1d215a568c07164e3e12bc52eb08937e5ef760ac0ab1da2c06048253744c67f2f478dca163bdba0d77d9bc26072ec3dd589728db92aa46e9149343e35969b2b9
- SSDEEP
  
  3072:9jh85+KsoQLHMoZDcLwdM8a5Dpv+P02T/y2IvGWdd5yAcK:9jhw+7RF+IML/vi02T/y2IPEAf
Score

7^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer