22cddfb3c459dd4af9fbcd1971d5ef8448aaf9070bf548b280738fc593ed8326 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

;3.exe
Size

18.3MB
Sample

240817-yqvsxsterg
MD5

b784add61e5483c896bcb3712460c03d
SHA1

b1df782823136e3bee9b694d25c88c24816db0ec
SHA256

22cddfb3c459dd4af9fbcd1971d5ef8448aaf9070bf548b280738fc593ed8326
SHA512

52dff2161ada14bb869f0d1dcbc7eb5b2fe355222539f0e3a66871488ced12656bc833f1892b2167c9053c2bdb61e657ccd0535f119bc30c62aeb801fa282248
SSDEEP

393216:onvgKz6L01+l+uq+Vvz1+TtIiFRCuARuAEFXmb5qMq4jj6SbbcBoC:aji01+l+uqgvz1QtIiCuAU8Eb4nBbbcz

Score

9^/10

credential_access discovery persistence privilege_escalation pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  ;3.exe
- Size
  
  18.3MB
- MD5
  
  b784add61e5483c896bcb3712460c03d
- SHA1
  
  b1df782823136e3bee9b694d25c88c24816db0ec
- SHA256
  
  22cddfb3c459dd4af9fbcd1971d5ef8448aaf9070bf548b280738fc593ed8326
- SHA512
  
  52dff2161ada14bb869f0d1dcbc7eb5b2fe355222539f0e3a66871488ced12656bc833f1892b2167c9053c2bdb61e657ccd0535f119bc30c62aeb801fa282248
- SSDEEP
  
  393216:onvgKz6L01+l+uq+Vvz1+TtIiFRCuARuAEFXmb5qMq4jj6SbbcBoC:aji01+l+uqgvz1QtIiCuAU8Eb4nBbbcz
Score

9^/10

credential_access discovery persistence privilege_escalation spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2
- Target
  
  ;3.pyc
- Size
  
  74KB
- MD5
  
  ef42105b93c5015fd985fa3752cb9976
- SHA1
  
  b5198c67f3b644f7c305e436e2273765b74d28fd
- SHA256
  
  785cfb95bfd9a960b2ae8ea77462af407bdfb45d3ecf5acaad049cf707e0eaa2
- SHA512
  
  9f8adade1924aa71be293720227e661a7c5341b454c6c091fc2b2fd4ddf6f96489bc7288fdacf2455e4eed7cdec14339513862b70e0c80effbfeefcd9453b0df
- SSDEEP
  
  1536:1Zq1Wa/hYx/Ys/A/ki5wD66lbcaMrW5N0X:1ZkWa/WdCsi5ku60
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

credential_accessdiscoverypersistenceprivilege_escalationspywarestealer

behavioral3

behavioral4