c210b2aa9f380a879cddb6ee08021795b54665a16232f3451ba4acc42f75d51b | Triage

Sharing

General

Target

c210b2aa9f380a879cddb6ee08021795b54665a16232f3451ba4acc42f75d51b
Size

2.6MB
Sample

240920-tn781svgjg
MD5

318d2c741656f06f7d7aa2da999a32f9
SHA1

0522ded7028b5cabcacf251fa66bbaa97658eb14
SHA256

c210b2aa9f380a879cddb6ee08021795b54665a16232f3451ba4acc42f75d51b
SHA512

5f4ef057b74e27fde7970f714db3fbc9585ffe4ef3096c89297b4a892446c4790373dfe2c6b0c784c25869c0a85ba22d71627c2012b4b9011e46ac3f840c9fe0
SSDEEP

12288:vj7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7Y:3cX

Score

10^/10

discovery evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  c210b2aa9f380a879cddb6ee08021795b54665a16232f3451ba4acc42f75d51b
- Size
  
  2.6MB
- MD5
  
  318d2c741656f06f7d7aa2da999a32f9
- SHA1
  
  0522ded7028b5cabcacf251fa66bbaa97658eb14
- SHA256
  
  c210b2aa9f380a879cddb6ee08021795b54665a16232f3451ba4acc42f75d51b
- SHA512
  
  5f4ef057b74e27fde7970f714db3fbc9585ffe4ef3096c89297b4a892446c4790373dfe2c6b0c784c25869c0a85ba22d71627c2012b4b9011e46ac3f840c9fe0
- SSDEEP
  
  12288:vj7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7j7Y:3cX
Score

10^/10

discovery evasion persistence spyware stealer
- Modifies visibility of file extensions in Explorer
  evasion
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistencespywarestealer