8f1e68f98a9def2f9565f99e8eb12915e72a40e0ef71a4059cb2d593ab72e5d8 | Triage

Sharing

General

Target

Setup.zip
Size

355KB
Sample

250303-rpjkyazpt5
MD5

ddd1ed7ec96ce83a3dc114e8a9356e16
SHA1

97b0d807748a9df28b751ffaa3e171cdb1f24f4e
SHA256

8f1e68f98a9def2f9565f99e8eb12915e72a40e0ef71a4059cb2d593ab72e5d8
SHA512

c2c5ba8f45687d7d552a9da128b90ff86a2e7f0dd4949a4020ce6c968da06249e740e8cc1911621e78f768bfb149be54edfbe130b85e4e75ce4646a69117de6e
SSDEEP

6144:0hhoePFepembFZETsb00b47cp64gu8CnqQK+tlxjSmZHZ2zGEtVo/y/77TNNBvrl:0ZcImbXEF8D6TQqtezZEUy/nRNBv60

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  359KB
- MD5
  
  716fd28609feefed3b176000ef8b4dcd
- SHA1
  
  c227ebc66881f0d9af2e4172538f63755839f178
- SHA256
  
  8d35cfe186c4915d0985fc13088d924f591e03089fe13dc943029d44d1183343
- SHA512
  
  fcfad1d41ab01ed0510b128149c981387d3af91165c39fb9411263a716acc5a777a6802097f590998d1bdc0722eb4c199c59e442a31d44cfce7e0a211d6c42c6
- SSDEEP
  
  6144:3sbpkQoV6K4+BX7Kg2Y8AT3ETuLrhP6ak7Cx0nNCdmDJN9aqmBFkkOC8vjmHx:3pQKDBT8ATAwt+PUdYMFkPwx
Score

7^/10

discovery spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer