db91946513e74b2d19ab52603582e09371f9dfc1c27862baff04f2ed422afae2 | Triage

Sharing

General

Target

db91946513e74b2d19ab52603582e09371f9dfc1c27862baff04f2ed422afae2.exe
Size

966KB
Sample

241121-k5llxazgjg
MD5

0ac261ab4c4a757a3f5901fb018ec763
SHA1

955efb9882c85d9e6fd905d98a2afcbfb7cd952c
SHA256

db91946513e74b2d19ab52603582e09371f9dfc1c27862baff04f2ed422afae2
SHA512

249e61ca286a445e714fa5aa9b5686b531db094979b77b27f155dee01abe2d0c082cf60081a5e2f7a9de8d1730d101cb70f717f6e37010eb2ed5c6c9a3ba6993
SSDEEP

12288:8uPUTLYcAaUMhUhLupXshh1PEd5hOoE+L77QFIVPnvZksCSsMeuPoG32jt+yna:8uPmLDUMihIXCE5Gu779fv7CSsPt+z

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  db91946513e74b2d19ab52603582e09371f9dfc1c27862baff04f2ed422afae2.exe
- Size
  
  966KB
- MD5
  
  0ac261ab4c4a757a3f5901fb018ec763
- SHA1
  
  955efb9882c85d9e6fd905d98a2afcbfb7cd952c
- SHA256
  
  db91946513e74b2d19ab52603582e09371f9dfc1c27862baff04f2ed422afae2
- SHA512
  
  249e61ca286a445e714fa5aa9b5686b531db094979b77b27f155dee01abe2d0c082cf60081a5e2f7a9de8d1730d101cb70f717f6e37010eb2ed5c6c9a3ba6993
- SSDEEP
  
  12288:8uPUTLYcAaUMhUhLupXshh1PEd5hOoE+L77QFIVPnvZksCSsMeuPoG32jt+yna:8uPmLDUMihIXCE5Gu779fv7CSsPt+z
Score

7^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer