9a641f05e2c6184b44ca975cce32dcff41a40edaf91101711b4f3304dca01cf9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9a641f05e2c6184b44ca975cce32dcff41a40edaf91101711b4f3304dca01cf9
Size

2.0MB
Sample

240901-dm3ddazfrd
MD5

9ddbf0b35b35400e79a2335c832cddeb
SHA1

4d86fb0635ffee72b17e247820dec2a4e8455629
SHA256

9a641f05e2c6184b44ca975cce32dcff41a40edaf91101711b4f3304dca01cf9
SHA512

498d6b9fe2bb880948fd7b4f52ae337d480777cdee0a935ade1f11ec25091628d090f10cafd1d3399449d3294ee0e8c9431a862652e3b5e3f1c0e8a7db1ac32a
SSDEEP

49152:PVAbwUQUFD1VR+zbTPDyoW53zJJfvRCYd60p9e9bldMi:NACQZGbo1HRCYd6b9x+

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  9a641f05e2c6184b44ca975cce32dcff41a40edaf91101711b4f3304dca01cf9
- Size
  
  2.0MB
- MD5
  
  9ddbf0b35b35400e79a2335c832cddeb
- SHA1
  
  4d86fb0635ffee72b17e247820dec2a4e8455629
- SHA256
  
  9a641f05e2c6184b44ca975cce32dcff41a40edaf91101711b4f3304dca01cf9
- SHA512
  
  498d6b9fe2bb880948fd7b4f52ae337d480777cdee0a935ade1f11ec25091628d090f10cafd1d3399449d3294ee0e8c9431a862652e3b5e3f1c0e8a7db1ac32a
- SSDEEP
  
  49152:PVAbwUQUFD1VR+zbTPDyoW53zJJfvRCYd60p9e9bldMi:NACQZGbo1HRCYd6b9x+
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer