d7ecfc28fcc7072d307146124a4087fcd94a949a90f36064fe4bdddacc59dd7c | Triage

Sharing

General

Target

d7ecfc28fcc7072d307146124a4087fcd94a949a90f36064fe4bdddacc59dd7cN
Size

2.2MB
Sample

240919-fzh7dasgqp
MD5

b3023016ae4e77aa88898d1e2aa84920
SHA1

2d8556f96ac569d0e6a11f5e26e3c1f146ffb77c
SHA256

d7ecfc28fcc7072d307146124a4087fcd94a949a90f36064fe4bdddacc59dd7c
SHA512

80d28a770ddcff12a408dd3d9e2b47b362bd4522aaba4c35141085fa2fc0e978ee86b272697402939a2ab4116bb95989b0d71e9d6b806c4b5565e103b03fd0d0
SSDEEP

24576:KqT9snt1slwJaHQy5Sk2z7WUtLpwbtLpwYqT9snt1slwJaHQy5Sk2z7WUtLpwbtd:fMPY92PbtL2tL8MPY92PbtL2tLMlju

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  d7ecfc28fcc7072d307146124a4087fcd94a949a90f36064fe4bdddacc59dd7cN
- Size
  
  2.2MB
- MD5
  
  b3023016ae4e77aa88898d1e2aa84920
- SHA1
  
  2d8556f96ac569d0e6a11f5e26e3c1f146ffb77c
- SHA256
  
  d7ecfc28fcc7072d307146124a4087fcd94a949a90f36064fe4bdddacc59dd7c
- SHA512
  
  80d28a770ddcff12a408dd3d9e2b47b362bd4522aaba4c35141085fa2fc0e978ee86b272697402939a2ab4116bb95989b0d71e9d6b806c4b5565e103b03fd0d0
- SSDEEP
  
  24576:KqT9snt1slwJaHQy5Sk2z7WUtLpwbtLpwYqT9snt1slwJaHQy5Sk2z7WUtLpwbtd:fMPY92PbtL2tL8MPY92PbtL2tLMlju
Score

7^/10

discovery persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer