c16080fcc2b6c83e0092b93d46158da83c855920da62c6205b64035ba690500a | Triage

Sharing

General

Target

c16080fcc2b6c83e0092b93d46158da83c855920da62c6205b64035ba690500a
Size

72KB
Sample

240909-r9ahrswele
MD5

5dd18ff4345abfe77af08f42d954cd63
SHA1

8a513783bc18aab4fa066e67718f638519144a1e
SHA256

c16080fcc2b6c83e0092b93d46158da83c855920da62c6205b64035ba690500a
SHA512

25413e9a76a1e77bedd62c3bf0b34cdcd016c5076f2bb53596d8d5fb83110ed19246fc61358bc2b1830afda74661e23d524e142136f7bf56ab2b25ea346f1906
SSDEEP

1536:8Ze+Zk7VJbwlYXjPrsqrZMYR5p8wUawuzXv4exFRKs9uhh:8Ze+azbRPrlr9RXFUawuzX+kuX

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c16080fcc2b6c83e0092b93d46158da83c855920da62c6205b64035ba690500a
- Size
  
  72KB
- MD5
  
  5dd18ff4345abfe77af08f42d954cd63
- SHA1
  
  8a513783bc18aab4fa066e67718f638519144a1e
- SHA256
  
  c16080fcc2b6c83e0092b93d46158da83c855920da62c6205b64035ba690500a
- SHA512
  
  25413e9a76a1e77bedd62c3bf0b34cdcd016c5076f2bb53596d8d5fb83110ed19246fc61358bc2b1830afda74661e23d524e142136f7bf56ab2b25ea346f1906
- SSDEEP
  
  1536:8Ze+Zk7VJbwlYXjPrsqrZMYR5p8wUawuzXv4exFRKs9uhh:8Ze+azbRPrlr9RXFUawuzX+kuX
Score

7^/10

discovery spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer