2646461707172485e60002d3ed77c130ccb02fd2ffc8a97756100d3194991858 | Triage

Sharing

General

Target

2646461707172485e60002d3ed77c130ccb02fd2ffc8a97756100d3194991858
Size

8.2MB
Sample

240829-pejrvasgql
MD5

d0903c92f559b7b635ad4fe5f1ec23c9
SHA1

825169238eb46f4167e554e1f53d4b2fe7cadd74
SHA256

2646461707172485e60002d3ed77c130ccb02fd2ffc8a97756100d3194991858
SHA512

d638fe4c3bfc11b4717ad6eeb8ea43aa93ac37bac92af8cf4d771f60e058b15cea3bdb1f4f043b081df7fab13972a7465bc7b69410b703cf6247aa6684e2143c
SSDEEP

196608:Ieq1uQZt6j8lRv935xxRtXLRkxCeO4fdU:Af8j8l1bRt70O4m

Score

9^/10

discovery evasion spyware stealer

Malware Config

Targets

- Target
  
  2646461707172485e60002d3ed77c130ccb02fd2ffc8a97756100d3194991858
- Size
  
  8.2MB
- MD5
  
  d0903c92f559b7b635ad4fe5f1ec23c9
- SHA1
  
  825169238eb46f4167e554e1f53d4b2fe7cadd74
- SHA256
  
  2646461707172485e60002d3ed77c130ccb02fd2ffc8a97756100d3194991858
- SHA512
  
  d638fe4c3bfc11b4717ad6eeb8ea43aa93ac37bac92af8cf4d771f60e058b15cea3bdb1f4f043b081df7fab13972a7465bc7b69410b703cf6247aa6684e2143c
- SSDEEP
  
  196608:Ieq1uQZt6j8lRv935xxRtXLRkxCeO4fdU:Af8j8l1bRt70O4m
Score

9^/10

discovery evasion spyware stealer
- Looks for VirtualBox Guest Additions in registry
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasionspywarestealer