45921980c3fbc6cc7b8e0ebfe7f25c292fa46eaa7a0ed6079ae54a7d90d4e8a3 | Triage

Sharing

General

Target

7f4482e9ab02f158feef9a7a877be904.zip
Size

222KB
Sample

240903-c5rh6awena
MD5

90c7f4e756b8cd3333afa5b251c80a89
SHA1

eba6c4b97dd4107f75c8b1e794f579310aae7880
SHA256

45921980c3fbc6cc7b8e0ebfe7f25c292fa46eaa7a0ed6079ae54a7d90d4e8a3
SHA512

3b807bc4ebcb4742eeee06cca625d3c99ecccd8de6b4cb54a61cd192e4b727bdb9f4bb32a43d03e6a13186c3aff621c2beb538b85217926eb463ec7d8b2f4fd4
SSDEEP

6144:l5Uo8D/14SaWXJrUMNeCv4CS8Nlviv4j6jd20YjDBsnJANFur765:fUd4SaWZVxk8Nlv4qsBYhSIurm5

Score

7^/10

credential_access discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  9b152b0d7b72e6533cf64fa984e23a90cfeee970d37159028ef43d55bac373b3
- Size
  
  256KB
- MD5
  
  7f4482e9ab02f158feef9a7a877be904
- SHA1
  
  9e8ae465f725d2f964aef49fbd4135d6e56d7bdd
- SHA256
  
  9b152b0d7b72e6533cf64fa984e23a90cfeee970d37159028ef43d55bac373b3
- SHA512
  
  35fc67184ff7863d5d5080d3a7500f5cd7ef754f101eb0ee2135c07ae24ef1d1ea0ce54bf2bb9dfba04c5aa067977b9a246219a42170cb1a0177d28725e4fced
- SSDEEP
  
  6144:6tUlO364gHVygiB1C64gHvXXzU64gHVygiB1C64gH:LdfriBHf/XLfriBHf
Score

7^/10

credential_access discovery persistence spyware stealer
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencespywarestealer

behavioral2

credential_accessdiscoverypersistencespywarestealer