5cdb3ad25fbb205c2e94fb7406a25cf9b9ef2604eb7725598bad20b8ed3e755e | Triage

Sharing

General

Target

5cdb3ad25fbb205c2e94fb7406a25cf9b9ef2604eb7725598bad20b8ed3e755e
Size

70KB
Sample

240930-rjt5gszbll
MD5

54add39d67fddc938a876a11f88a2473
SHA1

db27d6cb23d0a8108ff62762d7ee48d42a8fdffe
SHA256

5cdb3ad25fbb205c2e94fb7406a25cf9b9ef2604eb7725598bad20b8ed3e755e
SHA512

80737880263bcfcd7f86a83061ee66241d0b3bd86b3b215fc6857e271d81af0dcc68cb371de72970c2b66655ab97160b4dcb6b0587b3586e33dce4945f782140
SSDEEP

1536:2KaYzMXqtGNttyeiZnZLYm1vriw+d9bHrkT5gUHz7FxtJ:2KaY46tGNttyeQLYm1vrBkfkT5xHzD

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  5cdb3ad25fbb205c2e94fb7406a25cf9b9ef2604eb7725598bad20b8ed3e755e
- Size
  
  70KB
- MD5
  
  54add39d67fddc938a876a11f88a2473
- SHA1
  
  db27d6cb23d0a8108ff62762d7ee48d42a8fdffe
- SHA256
  
  5cdb3ad25fbb205c2e94fb7406a25cf9b9ef2604eb7725598bad20b8ed3e755e
- SHA512
  
  80737880263bcfcd7f86a83061ee66241d0b3bd86b3b215fc6857e271d81af0dcc68cb371de72970c2b66655ab97160b4dcb6b0587b3586e33dce4945f782140
- SSDEEP
  
  1536:2KaYzMXqtGNttyeiZnZLYm1vriw+d9bHrkT5gUHz7FxtJ:2KaY46tGNttyeQLYm1vrBkfkT5xHzD
Score

8^/10

discovery spyware stealer
- Drops file in Drivers directory
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer