b40c65c49b987514cf7edf1287b5562d9dee506835e7208302bfecf71edd44c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bcca5060b97d4b003bd960ca7afa9600N.exe
Size

897KB
Sample

240901-gjjzeatakk
MD5

bcca5060b97d4b003bd960ca7afa9600
SHA1

c98d164bc3b564f53cbc9ec55c9ca62eb5305d73
SHA256

b40c65c49b987514cf7edf1287b5562d9dee506835e7208302bfecf71edd44c1
SHA512

8044a79937145b7f87ecbbb9fe487ce2e320bf445545e32bc425e9530dcebc3fcead1b12a32212ed6727b15f78b36d84124332593d7f0a9a6a880a72e1774186
SSDEEP

24576:7PT80SR76+GxaDhSDdrdpgukMjK/k//Ml:M0SROiSDNgurK3

Score

9^/10

discovery evasion spyware stealer

Malware Config

Targets

- Target
  
  bcca5060b97d4b003bd960ca7afa9600N.exe
- Size
  
  897KB
- MD5
  
  bcca5060b97d4b003bd960ca7afa9600
- SHA1
  
  c98d164bc3b564f53cbc9ec55c9ca62eb5305d73
- SHA256
  
  b40c65c49b987514cf7edf1287b5562d9dee506835e7208302bfecf71edd44c1
- SHA512
  
  8044a79937145b7f87ecbbb9fe487ce2e320bf445545e32bc425e9530dcebc3fcead1b12a32212ed6727b15f78b36d84124332593d7f0a9a6a880a72e1774186
- SSDEEP
  
  24576:7PT80SR76+GxaDhSDdrdpgukMjK/k//Ml:M0SROiSDNgurK3
Score

9^/10

discovery evasion spyware stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealer

behavioral2

discoveryevasionspywarestealer