e0676e14798238498be7074dec41bf98c05c0146fbf49ec1371c7a4ab19a3052 | Triage

Sharing

General

Target

2024-09-27_951253ebc4a99a4194d888bc83237249_cobalt-strike_hijackloader_ryuk
Size

112.1MB
Sample

240927-lggtgswaqp
MD5

951253ebc4a99a4194d888bc83237249
SHA1

1ebe2659f9cfb645505dee28408723a7253bb8b4
SHA256

e0676e14798238498be7074dec41bf98c05c0146fbf49ec1371c7a4ab19a3052
SHA512

41846ed72d534fcb61ccb990ad99c351e83e30189e24ce7565d697be3e4f5e2ce1fd4bae28f13064c2f48360422d173fe319509706d76da9e6a30569e26cf736
SSDEEP

3145728:6eEMe2LQ0MFGOkjy7wBIz1zlYC5BoGFffU0ZM:REpMOk+mIz1zRfoWfXM

Score

6^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  2024-09-27_951253ebc4a99a4194d888bc83237249_cobalt-strike_hijackloader_ryuk
- Size
  
  112.1MB
- MD5
  
  951253ebc4a99a4194d888bc83237249
- SHA1
  
  1ebe2659f9cfb645505dee28408723a7253bb8b4
- SHA256
  
  e0676e14798238498be7074dec41bf98c05c0146fbf49ec1371c7a4ab19a3052
- SHA512
  
  41846ed72d534fcb61ccb990ad99c351e83e30189e24ce7565d697be3e4f5e2ce1fd4bae28f13064c2f48360422d173fe319509706d76da9e6a30569e26cf736
- SSDEEP
  
  3145728:6eEMe2LQ0MFGOkjy7wBIz1zlYC5BoGFffU0ZM:REpMOk+mIz1zRfoWfXM
Score

6^/10

discovery spyware stealer
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer