berbew | 280530420976a970ca731fbb127f81321c553771b557829cfe4c76f8b679cacb | Triage

Sharing

General

Target

280530420976a970ca731fbb127f81321c553771b557829cfe4c76f8b679cacb.exe
Size

128KB
Sample

241123-nb3j4stmhv
MD5

6d76a2d4434f31b0d7114c5dbfc8e528
SHA1

f63f5b6f2a2fa3a1aa4068d4e9bb1ac40baca5ba
SHA256

280530420976a970ca731fbb127f81321c553771b557829cfe4c76f8b679cacb
SHA512

4f151d58a1a62052002a76c7d06a467900533c6d42f1527fd62d2229461dbf93d40ae893c1695be0cd051554c6a825300a695ba5d215679a5522ed89d3b24eaa
SSDEEP

3072:GRFylGesahRRbylPkbSAxPT9F7TR1mmeaKkbSAxPTf:GRF+sahkPkbLPT9F7TR1mmhKkbLPTf

Score

10^/10

berbew credential_access discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  280530420976a970ca731fbb127f81321c553771b557829cfe4c76f8b679cacb.exe
- Size
  
  128KB
- MD5
  
  6d76a2d4434f31b0d7114c5dbfc8e528
- SHA1
  
  f63f5b6f2a2fa3a1aa4068d4e9bb1ac40baca5ba
- SHA256
  
  280530420976a970ca731fbb127f81321c553771b557829cfe4c76f8b679cacb
- SHA512
  
  4f151d58a1a62052002a76c7d06a467900533c6d42f1527fd62d2229461dbf93d40ae893c1695be0cd051554c6a825300a695ba5d215679a5522ed89d3b24eaa
- SSDEEP
  
  3072:GRFylGesahRRbylPkbSAxPT9F7TR1mmeaKkbSAxPTf:GRF+sahkPkbLPT9F7TR1mmhKkbLPTf
Score

7^/10

credential_access discovery persistence spyware stealer
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencespywarestealer

behavioral2

credential_accessdiscoverypersistencespywarestealer