7bbb7f3288a99c6a01015de7f169e80d70e511683d036ca1da6123bb26f8653b | Triage

Sharing

General

Target

2024-11-19_ba60451d17378c3937103f73884328ee_ryuk
Size

1.0MB
Sample

241119-yc5qza1jfx
MD5

ba60451d17378c3937103f73884328ee
SHA1

b0b84f78713e25d0f027e84d45014ba20ab62c4e
SHA256

7bbb7f3288a99c6a01015de7f169e80d70e511683d036ca1da6123bb26f8653b
SHA512

18a351bcc968a751917900ab2d0377996e7f4adc42d47d9dcb7e493ac7634a325b807640626962f8295fbfd56d393eab492598ad4f58dbcf5e68b3378f3d7793
SSDEEP

24576:IiBEkWqwXeAVmYrmaouGSPGM9ZQ8GYelhwOXGEDgm6:Qz5Xe6XrdPGM7nmoOl

Score

7^/10

persistence privilege_escalation spyware stealer

Malware Config

Targets

- Target
  
  2024-11-19_ba60451d17378c3937103f73884328ee_ryuk
- Size
  
  1.0MB
- MD5
  
  ba60451d17378c3937103f73884328ee
- SHA1
  
  b0b84f78713e25d0f027e84d45014ba20ab62c4e
- SHA256
  
  7bbb7f3288a99c6a01015de7f169e80d70e511683d036ca1da6123bb26f8653b
- SHA512
  
  18a351bcc968a751917900ab2d0377996e7f4adc42d47d9dcb7e493ac7634a325b807640626962f8295fbfd56d393eab492598ad4f58dbcf5e68b3378f3d7793
- SSDEEP
  
  24576:IiBEkWqwXeAVmYrmaouGSPGM9ZQ8GYelhwOXGEDgm6:Qz5Xe6XrdPGM7nmoOl
Score

7^/10

persistence privilege_escalation spyware stealer
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalationspywarestealer