6f630e829c89ab5f88750bac15739301b9cb43d13bc247c94e70b0e4295378c8 | Triage

Resubmissions

02-09-2024 21:14

240902-z3rgpsxcnm 9

02-09-2024 21:08

240902-zyvnkaxbqj 9

02-09-2024 20:57

240902-zrx54sxapk 9

02-09-2024 20:52

240902-znsffsxajm 9

Sharing

General

Target

CampPinecrest.exe
Size

79.7MB
Sample

240902-zyvnkaxbqj
MD5

201e78f670e9e14aa6a28e5dac81c23c
SHA1

471234e194d5c2eb5c5b44fb76140b20c4aa7541
SHA256

6f630e829c89ab5f88750bac15739301b9cb43d13bc247c94e70b0e4295378c8
SHA512

639b649e069c280084df11037d30d1b02ec50096b687869f813f49542cf23b76f22be83ecb381f1aff921c30df876a9ba4eaf4beec192c0a6ebf04683660404d
SSDEEP

1572864:XBJ39KZD4y9MXs6IB8ceyIS7nqYdd6hIEhSmn6nlN/RF/:X4j9M86I/vP7nMhJnUXRR

Score

9^/10

credential_access discovery spyware stealer

Malware Config

Targets

- Target
  
  CampPinecrest.exe
- Size
  
  79.7MB
- MD5
  
  201e78f670e9e14aa6a28e5dac81c23c
- SHA1
  
  471234e194d5c2eb5c5b44fb76140b20c4aa7541
- SHA256
  
  6f630e829c89ab5f88750bac15739301b9cb43d13bc247c94e70b0e4295378c8
- SHA512
  
  639b649e069c280084df11037d30d1b02ec50096b687869f813f49542cf23b76f22be83ecb381f1aff921c30df876a9ba4eaf4beec192c0a6ebf04683660404d
- SSDEEP
  
  1572864:XBJ39KZD4y9MXs6IB8ceyIS7nqYdd6hIEhSmn6nlN/RF/:X4j9M86I/vP7nMhJnUXRR
Score

9^/10

credential_access discovery spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryspywarestealer