b3a914f443419830906a4b83dce5395eb13cf16295b005dc2260412a3dcb7c39 | Triage

Sharing

General

Target

b3a914f443419830906a4b83dce5395eb13cf16295b005dc2260412a3dcb7c39.exe
Size

128KB
Sample

241121-lnk5gs1gmm
MD5

01b5a58b9dc6c12b03120e17834dd331
SHA1

5392178b429292211cfa7b6f230ef78353156059
SHA256

b3a914f443419830906a4b83dce5395eb13cf16295b005dc2260412a3dcb7c39
SHA512

ff939c5736344376c8cbcb4ae1d99038c1095bf4fefce7847cdf06886535549976c94b625c7a58fecc70ee3d49640c9d96809a83a58bf75974145ecdcfa8a89a
SSDEEP

3072:gfoYE/k5MuqR2q3Yjv5SN/JHFo8gwpqGggcbFgq3Yjv5SN/JHFoc:gf9nW2IHN/JH+7IIbFgIHN/JH+c

Score

7^/10

credential_access discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  b3a914f443419830906a4b83dce5395eb13cf16295b005dc2260412a3dcb7c39.exe
- Size
  
  128KB
- MD5
  
  01b5a58b9dc6c12b03120e17834dd331
- SHA1
  
  5392178b429292211cfa7b6f230ef78353156059
- SHA256
  
  b3a914f443419830906a4b83dce5395eb13cf16295b005dc2260412a3dcb7c39
- SHA512
  
  ff939c5736344376c8cbcb4ae1d99038c1095bf4fefce7847cdf06886535549976c94b625c7a58fecc70ee3d49640c9d96809a83a58bf75974145ecdcfa8a89a
- SSDEEP
  
  3072:gfoYE/k5MuqR2q3Yjv5SN/JHFo8gwpqGggcbFgq3Yjv5SN/JHFoc:gf9nW2IHN/JH+7IIbFgIHN/JH+c
Score

7^/10

credential_access discovery persistence spyware stealer
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencespywarestealer

behavioral2

credential_accessdiscoverypersistencespywarestealer