180ac27d91eb5e37defa7af8faf0cef0a5117ad2c6d97de5528d94ec37d3671d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-01_f881b474353e6e4d49ca6c78e44c5982_cobalt-strike_ryuk
Size

2.1MB
Sample

240901-krbjsawepk
MD5

f881b474353e6e4d49ca6c78e44c5982
SHA1

73da7ff76d341fa632aa52a03912662a41d2f785
SHA256

180ac27d91eb5e37defa7af8faf0cef0a5117ad2c6d97de5528d94ec37d3671d
SHA512

1ec9391c6d6b191fa5c9509dc6b4c31102ce1a2ff3c9702806e624b2c3f7e924de57a3caf0c01fd0287aaa9674c2e75cfe3a708c6a3aa3881c66df489ef69206
SSDEEP

49152:0XWtcDco9YXPtSjeJgEjTmucUaB0zj0yjoB2:0SAYXPwtEjELB2Yyjl

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-09-01_f881b474353e6e4d49ca6c78e44c5982_cobalt-strike_ryuk
- Size
  
  2.1MB
- MD5
  
  f881b474353e6e4d49ca6c78e44c5982
- SHA1
  
  73da7ff76d341fa632aa52a03912662a41d2f785
- SHA256
  
  180ac27d91eb5e37defa7af8faf0cef0a5117ad2c6d97de5528d94ec37d3671d
- SHA512
  
  1ec9391c6d6b191fa5c9509dc6b4c31102ce1a2ff3c9702806e624b2c3f7e924de57a3caf0c01fd0287aaa9674c2e75cfe3a708c6a3aa3881c66df489ef69206
- SSDEEP
  
  49152:0XWtcDco9YXPtSjeJgEjTmucUaB0zj0yjoB2:0SAYXPwtEjELB2Yyjl
Score

7^/10

spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2