c348002e3d2cf40a2fc3c819a96b1735dc451bb3ec32ba9355feaccd3eee63c0 | Triage

Sharing

General

Target

c348002e3d2cf40a2fc3c819a96b1735dc451bb3ec32ba9355feaccd3eee63c0.msi
Size

13.8MB
Sample

241212-c67xjaslep
MD5

5d2922491b47e1c355103194e069e5ac
SHA1

eb918f926c9cc2f9239f1dfe0380727c8170982c
SHA256

c348002e3d2cf40a2fc3c819a96b1735dc451bb3ec32ba9355feaccd3eee63c0
SHA512

522be674a5fb20af9a4fa42315ae8e780df3310f5b0ea8feccca1cf788cd6af542226aed65e9c6f7353d2daf954522f4067880626a2ccf4b7793178b57eb0bd9
SSDEEP

393216:GDFCbAjiImi73v4JPUQ6Rm1feeuQx1qbvto:GRCbAjCK6PEm12ZQx1qbFo

Score

7^/10

collection discovery persistence privilege_escalation spyware stealer

Malware Config

Targets

- Target
  
  c348002e3d2cf40a2fc3c819a96b1735dc451bb3ec32ba9355feaccd3eee63c0.msi
- Size
  
  13.8MB
- MD5
  
  5d2922491b47e1c355103194e069e5ac
- SHA1
  
  eb918f926c9cc2f9239f1dfe0380727c8170982c
- SHA256
  
  c348002e3d2cf40a2fc3c819a96b1735dc451bb3ec32ba9355feaccd3eee63c0
- SHA512
  
  522be674a5fb20af9a4fa42315ae8e780df3310f5b0ea8feccca1cf788cd6af542226aed65e9c6f7353d2daf954522f4067880626a2ccf4b7793178b57eb0bd9
- SSDEEP
  
  393216:GDFCbAjiImi73v4JPUQ6Rm1feeuQx1qbvto:GRCbAjCK6PEm12ZQx1qbFo
Score

7^/10

collection discovery persistence privilege_escalation spyware stealer
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Installer Packages

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Installer Packages

Defense Evasion

Modify Registry

System Binary Proxy Execution

Msiexec

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoverypersistenceprivilege_escalationspywarestealer

behavioral2

collectiondiscoverypersistenceprivilege_escalationspywarestealer