b897eb78b00f4adca494f8d0c415f79ad21a5c3459f7a7d549fc528a911c46c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d5ae47d4047e64c601cc249d83a7260N.exe
Size

551KB
Sample

240819-grm12a1drq
MD5

7d5ae47d4047e64c601cc249d83a7260
SHA1

005e2c7fa37ba6a2e3c1fcf72c5f591cddf4f841
SHA256

b897eb78b00f4adca494f8d0c415f79ad21a5c3459f7a7d549fc528a911c46c2
SHA512

449fd0fa1b1aaf31b024054e6f6a8832e0b10256dece5d8ffe4eb9a07ebdb1f06a6d20684c5e98fcd578c9a066266d6a00ca502a6ff0a1bf6ad0e4ee85c8b7f7
SSDEEP

6144:9rTfUHeeSKOS9ccFKk3Y9t9Y+VS2FzipwQguVCUQeq/OaZ2m5BaW7kR:9n8yN0Mr8+LFzip4neLalBwR

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  7d5ae47d4047e64c601cc249d83a7260N.exe
- Size
  
  551KB
- MD5
  
  7d5ae47d4047e64c601cc249d83a7260
- SHA1
  
  005e2c7fa37ba6a2e3c1fcf72c5f591cddf4f841
- SHA256
  
  b897eb78b00f4adca494f8d0c415f79ad21a5c3459f7a7d549fc528a911c46c2
- SHA512
  
  449fd0fa1b1aaf31b024054e6f6a8832e0b10256dece5d8ffe4eb9a07ebdb1f06a6d20684c5e98fcd578c9a066266d6a00ca502a6ff0a1bf6ad0e4ee85c8b7f7
- SSDEEP
  
  6144:9rTfUHeeSKOS9ccFKk3Y9t9Y+VS2FzipwQguVCUQeq/OaZ2m5BaW7kR:9n8yN0Mr8+LFzip4neLalBwR
Score

7^/10

discovery persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer