33b8da72d67e487d406221f6c56054ecf193127356e49c171c57a24a83515e29 | Triage

Sharing

General

Target

No product name 1.0.0.exe.bad3
Size

68.2MB
Sample

240928-z2s9xazblb
MD5

c19617413e3372faca71812343718cc3
SHA1

20b44066f566085ba090ff56392ec4d00267365b
SHA256

33b8da72d67e487d406221f6c56054ecf193127356e49c171c57a24a83515e29
SHA512

5de54216490aa6f682871bfc5160871d37f811efac1d134c8d6b52f8aa591678a5c8a629711bce6242cbaf0c0ab8aab0afaaa1ae04af593e85e02aef5a2369c0
SSDEEP

1572864:IcMms8vwfwLo1gC7WPsctEvd7B5m+DEiL9XjcY/37:pMms8vwfMo1R7WPZtEv1/m+DEkYY/37

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  No product name.exe
- Size
  
  154.7MB
- MD5
  
  5a64c63eedffd27a1cbf928842003824
- SHA1
  
  55661ceb6ba4849f6f953cc7e4955bbcacad1740
- SHA256
  
  f24185546ba25a648f25b2e0f7d1ea92d1e0755d0bb00552c41c5324ce06f3d6
- SHA512
  
  24fd9f005173e18525ae391cc8963e6e80b5a07dec48296895a04bf8cfdc41e89993eef6625575bb2df491afc958a606a9909b53a3e8ac656a0d9a852bc43568
- SSDEEP
  
  1572864:kTmw0ciLNpDPuAvHxJLkY2O6Ea3f9kwZXeT6EivLp1vUAtdjtZn+f4FnIvGaC9dU:/v6E70+Mk
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer