859236a8a9e97d4dc3af20b99da151d4c0fd0918abd4eb0f0bded04865ebc808 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

859236a8a9e97d4dc3af20b99da151d4c0fd0918abd4eb0f0bded04865ebc808.exe
Size

896KB
Sample

240824-bp7prszdrj
MD5

7b0a6dc0370e9c4166434aec812ff55e
SHA1

300d85af89521be343338fc7d35a92274fd563f4
SHA256

859236a8a9e97d4dc3af20b99da151d4c0fd0918abd4eb0f0bded04865ebc808
SHA512

3c594d078abd5d0dfe08de9dafdecb7ee8e69b5a970ef8eca8bccb26978568bea83a7298baff133e4b87bef64a9f3cd6ac26aba7f0035aa5950cfa0e71b243b2
SSDEEP

24576:P2yjibTK/w6tH/A76e//UjAdXuvhx/7WBbD7vwRw0JKKk/hFzlUbzh9K7A7m09Bw:17nopf

Score

9^/10

collection credential_access discovery persistence privilege_escalation spyware stealer

Malware Config

Targets

- Target
  
  859236a8a9e97d4dc3af20b99da151d4c0fd0918abd4eb0f0bded04865ebc808.exe
- Size
  
  896KB
- MD5
  
  7b0a6dc0370e9c4166434aec812ff55e
- SHA1
  
  300d85af89521be343338fc7d35a92274fd563f4
- SHA256
  
  859236a8a9e97d4dc3af20b99da151d4c0fd0918abd4eb0f0bded04865ebc808
- SHA512
  
  3c594d078abd5d0dfe08de9dafdecb7ee8e69b5a970ef8eca8bccb26978568bea83a7298baff133e4b87bef64a9f3cd6ac26aba7f0035aa5950cfa0e71b243b2
- SSDEEP
  
  24576:P2yjibTK/w6tH/A76e//UjAdXuvhx/7WBbD7vwRw0JKKk/hFzlUbzh9K7A7m09Bw:17nopf
Score

9^/10

collection credential_access discovery persistence privilege_escalation spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectioncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

behavioral2

collectioncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer