d937141eded7f1ab8b6f8e329b78e474037ee0fb50332896dcfc1e4f588a1725 | Triage

Sharing

General

Target

d937141eded7f1ab8b6f8e329b78e474037ee0fb50332896dcfc1e4f588a1725N
Size

376KB
Sample

240919-dvdd8ayapd
MD5

d484d219ce58d3bb2cc5f939b99626e0
SHA1

3c141c06bd704dd5df9a7df4c31b7f1978befec9
SHA256

d937141eded7f1ab8b6f8e329b78e474037ee0fb50332896dcfc1e4f588a1725
SHA512

276107d284e5b1686734f40516646e04fda0fd96641282c5fc896d9cdaea3b4644e327be23fbfa8206d6abd5deaeffdbc180e0f58a9dd372f33a07cfc471085f
SSDEEP

6144:/rTfUHeeSKOS9ccFKk3Y9t9YZCgKg2DHQ5DJEJm/6UtWj882D:/n8yN0Mr8ZCnIDJEJ8tWj88w

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  d937141eded7f1ab8b6f8e329b78e474037ee0fb50332896dcfc1e4f588a1725N
- Size
  
  376KB
- MD5
  
  d484d219ce58d3bb2cc5f939b99626e0
- SHA1
  
  3c141c06bd704dd5df9a7df4c31b7f1978befec9
- SHA256
  
  d937141eded7f1ab8b6f8e329b78e474037ee0fb50332896dcfc1e4f588a1725
- SHA512
  
  276107d284e5b1686734f40516646e04fda0fd96641282c5fc896d9cdaea3b4644e327be23fbfa8206d6abd5deaeffdbc180e0f58a9dd372f33a07cfc471085f
- SSDEEP
  
  6144:/rTfUHeeSKOS9ccFKk3Y9t9YZCgKg2DHQ5DJEJm/6UtWj882D:/n8yN0Mr8ZCnIDJEJ8tWj88w
Score

7^/10

discovery persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistencespywarestealer