f4f07e16de09d5cfc8471490f6df3550c0c1a94f5b517d203b54d83be757c1fb | Triage

Sharing

General

Target

f4f07e16de09d5cfc8471490f6df3550c0c1a94f5b517d203b54d83be757c1fb.exe
Size

1.5MB
Sample

241121-mxdbns1pcs
MD5

9a4cb5b1afaf1fe83375334bea26f035
SHA1

6f68ceef73933cc860bfe57afdfa92ef5141705f
SHA256

f4f07e16de09d5cfc8471490f6df3550c0c1a94f5b517d203b54d83be757c1fb
SHA512

ec8bbc1fccc84b61018679822ff39194595c45038e034c0bbeaa24e606fe22638d4bb6156467033b46eaece68867ae49de98dcc4add672b24b02710926def33a
SSDEEP

12288:8uPUTLYcAaUMhUhLupXshh1PEd5hOoMSACGOi68dG9TWRzSZYdTNMgtfpW6hNTkB:8uPmLDUMihIXCE5uEGOivISWYv2TKwn

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  f4f07e16de09d5cfc8471490f6df3550c0c1a94f5b517d203b54d83be757c1fb.exe
- Size
  
  1.5MB
- MD5
  
  9a4cb5b1afaf1fe83375334bea26f035
- SHA1
  
  6f68ceef73933cc860bfe57afdfa92ef5141705f
- SHA256
  
  f4f07e16de09d5cfc8471490f6df3550c0c1a94f5b517d203b54d83be757c1fb
- SHA512
  
  ec8bbc1fccc84b61018679822ff39194595c45038e034c0bbeaa24e606fe22638d4bb6156467033b46eaece68867ae49de98dcc4add672b24b02710926def33a
- SSDEEP
  
  12288:8uPUTLYcAaUMhUhLupXshh1PEd5hOoMSACGOi68dG9TWRzSZYdTNMgtfpW6hNTkB:8uPmLDUMihIXCE5uEGOivISWYv2TKwn
Score

7^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer