ec7d9416dc8f26e885d0caed62dff7ed944e9da6bec15364086832ed24616c9d | Triage

Sharing

General

Target

ec7d9416dc8f26e885d0caed62dff7ed944e9da6bec15364086832ed24616c9d
Size

403KB
Sample

250218-jqqrmsyncq
MD5

b4c66d6b921bb611cb7dd6cf4ab63009
SHA1

ae0d876bff36559b0ae2dd9d4058b606d84b86a9
SHA256

ec7d9416dc8f26e885d0caed62dff7ed944e9da6bec15364086832ed24616c9d
SHA512

1dc4f0b421d7750ba90d42a0383a335ca43ee45e03d4359dcd2322c9ebbcad26de85f86ad92adca34742982370d18d38aa3698635367a63f888fd43671b13474
SSDEEP

6144:I+azbRZvxnDXYQ/BWJjmpgtBZQZKQj8p3jyb7HREd4SZ1tzLbF:I+azbvxDXYJmSTZwYp32bY4qtDF

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  ec7d9416dc8f26e885d0caed62dff7ed944e9da6bec15364086832ed24616c9d
- Size
  
  403KB
- MD5
  
  b4c66d6b921bb611cb7dd6cf4ab63009
- SHA1
  
  ae0d876bff36559b0ae2dd9d4058b606d84b86a9
- SHA256
  
  ec7d9416dc8f26e885d0caed62dff7ed944e9da6bec15364086832ed24616c9d
- SHA512
  
  1dc4f0b421d7750ba90d42a0383a335ca43ee45e03d4359dcd2322c9ebbcad26de85f86ad92adca34742982370d18d38aa3698635367a63f888fd43671b13474
- SSDEEP
  
  6144:I+azbRZvxnDXYQ/BWJjmpgtBZQZKQj8p3jyb7HREd4SZ1tzLbF:I+azbvxDXYJmSTZwYp32bY4qtDF
Score

7^/10

discovery spyware stealer
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer