15d5fafb12c44a7b976cfe1a278b10a75b02d8ca6f96afae2bc88c294d89dda5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ef7e450f07bba5b26a5fa979cc49d60N.exe
Size

3.1MB
Sample

240829-pn5exa1fqb
MD5

2ef7e450f07bba5b26a5fa979cc49d60
SHA1

b4f70f64a431b01eb87abeb9c0c17d795cd6054d
SHA256

15d5fafb12c44a7b976cfe1a278b10a75b02d8ca6f96afae2bc88c294d89dda5
SHA512

4c0d97a2ff2000c8f39cc8940126daf509d0b28209b490f3f0f5e10d5eadd359df7d88301754bb7e3de04ba08d33259bcb9d3651d9658533177e8b4bb7db17aa
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB8B/bSqz8b6LNXJqI:sxX7QnxrloE5dpUpnbVz8eLFc

Score

9^/10

credential_access discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  2ef7e450f07bba5b26a5fa979cc49d60N.exe
- Size
  
  3.1MB
- MD5
  
  2ef7e450f07bba5b26a5fa979cc49d60
- SHA1
  
  b4f70f64a431b01eb87abeb9c0c17d795cd6054d
- SHA256
  
  15d5fafb12c44a7b976cfe1a278b10a75b02d8ca6f96afae2bc88c294d89dda5
- SHA512
  
  4c0d97a2ff2000c8f39cc8940126daf509d0b28209b490f3f0f5e10d5eadd359df7d88301754bb7e3de04ba08d33259bcb9d3651d9658533177e8b4bb7db17aa
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB8B/bSqz8b6LNXJqI:sxX7QnxrloE5dpUpnbVz8eLFc
Score

9^/10

credential_access discovery persistence spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencespywarestealer

behavioral2

credential_accessdiscoverypersistencespywarestealer