05805d85fb7865190cbf7e876c6734c0ee1b558337bf2f8bfbc5f85199698820 | Triage

Sharing

General

Target

2024-10-03_18fc97ec28a00c867b3cd7781e0cb1e9_ryuk
Size

1.5MB
Sample

241003-w36pvazeml
MD5

18fc97ec28a00c867b3cd7781e0cb1e9
SHA1

43a2c987bfc632bfcd67f0c35bf92ce6529fba62
SHA256

05805d85fb7865190cbf7e876c6734c0ee1b558337bf2f8bfbc5f85199698820
SHA512

14c42fbfe983d0994b9596d45bd53ff75ffbf63a1410c2ae7c85f85408dd438fca7661dad0e03a9704bd9c18114525b0b15790ed4474635abacfaabfb88fcfb3
SSDEEP

24576:piBE0LqwXeAVmYysqjnhMgeiCl7G0nehbGZpbD:lG5Xe6X2Dmg27RnWGj

Score

7^/10

persistence privilege_escalation spyware stealer

Malware Config

Targets

- Target
  
  2024-10-03_18fc97ec28a00c867b3cd7781e0cb1e9_ryuk
- Size
  
  1.5MB
- MD5
  
  18fc97ec28a00c867b3cd7781e0cb1e9
- SHA1
  
  43a2c987bfc632bfcd67f0c35bf92ce6529fba62
- SHA256
  
  05805d85fb7865190cbf7e876c6734c0ee1b558337bf2f8bfbc5f85199698820
- SHA512
  
  14c42fbfe983d0994b9596d45bd53ff75ffbf63a1410c2ae7c85f85408dd438fca7661dad0e03a9704bd9c18114525b0b15790ed4474635abacfaabfb88fcfb3
- SSDEEP
  
  24576:piBE0LqwXeAVmYysqjnhMgeiCl7G0nehbGZpbD:lG5Xe6X2Dmg27RnWGj
Score

7^/10

persistence privilege_escalation spyware stealer
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalationspywarestealer