07f08ecb3448126fef108775792e46de3238edd70836c8f3f44f44119e5c3c9a | Triage

Sharing

General

Target

07f08ecb3448126fef108775792e46de3238edd70836c8f3f44f44119e5c3c9aN
Size

3.1MB
Sample

241014-bw4lpavdrd
MD5

b10d8da598afbfd7bcee9dcc7eea5550
SHA1

02a23f737bda43e5a2ae2a4c6de9b9d91e479ff0
SHA256

07f08ecb3448126fef108775792e46de3238edd70836c8f3f44f44119e5c3c9a
SHA512

c6c1a39f5769895c6dcc6235b0ee5224615b6fc17e79528661b0a39a6703356218f9323764e2790a1ef9c57d964ee7738e4d228ef90dd242ace20096b317c982
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBAB/bSqz8b6LNXJqI20:sxX7QnxrloE5dpUprbVz8eLFcz

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  07f08ecb3448126fef108775792e46de3238edd70836c8f3f44f44119e5c3c9aN
- Size
  
  3.1MB
- MD5
  
  b10d8da598afbfd7bcee9dcc7eea5550
- SHA1
  
  02a23f737bda43e5a2ae2a4c6de9b9d91e479ff0
- SHA256
  
  07f08ecb3448126fef108775792e46de3238edd70836c8f3f44f44119e5c3c9a
- SHA512
  
  c6c1a39f5769895c6dcc6235b0ee5224615b6fc17e79528661b0a39a6703356218f9323764e2790a1ef9c57d964ee7738e4d228ef90dd242ace20096b317c982
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBAB/bSqz8b6LNXJqI20:sxX7QnxrloE5dpUprbVz8eLFcz
Score

7^/10

discovery persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer