db3bbd678785299bfd9d3ef18b847504bbcec5fbdb523aeacce3e458cd6863c5 | Triage

Sharing

General

Target

2024-08-21_781853a5c139d6f6c5215eb610f50d2d_cobalt-strike_ryuk
Size

2.0MB
Sample

240821-xh7l3sycqr
MD5

781853a5c139d6f6c5215eb610f50d2d
SHA1

1fb542d69ca80d85aca4fc1e727da23f6caf42a1
SHA256

db3bbd678785299bfd9d3ef18b847504bbcec5fbdb523aeacce3e458cd6863c5
SHA512

5c7cb246f2e9355ada4d504f0fe7c4523e840a1f4f0e077e024e01245f6ebfb38a77c47f0d4f08c3559f020d5f322bdae7a013dd749e6ffb01901fa78e5add40
SSDEEP

24576:lcTyYv0FteQUd5I2kjgD6iQacAksqjnhMgeiCl7G0nehbGZpbD:luXv0FtpU5606zOADmg27RnWGj

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-08-21_781853a5c139d6f6c5215eb610f50d2d_cobalt-strike_ryuk
- Size
  
  2.0MB
- MD5
  
  781853a5c139d6f6c5215eb610f50d2d
- SHA1
  
  1fb542d69ca80d85aca4fc1e727da23f6caf42a1
- SHA256
  
  db3bbd678785299bfd9d3ef18b847504bbcec5fbdb523aeacce3e458cd6863c5
- SHA512
  
  5c7cb246f2e9355ada4d504f0fe7c4523e840a1f4f0e077e024e01245f6ebfb38a77c47f0d4f08c3559f020d5f322bdae7a013dd749e6ffb01901fa78e5add40
- SSDEEP
  
  24576:lcTyYv0FteQUd5I2kjgD6iQacAksqjnhMgeiCl7G0nehbGZpbD:luXv0FtpU5606zOADmg27RnWGj
Score

7^/10

spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2