a45341621c1e3e058096ae5b6829202aadb5bfd4b06dfa4a9e66249d2db500c9 | Triage

Sharing

General

Target

uncategorized_0.5.4.3.vir
Size

139KB
Sample

200719-2rs4ykg66n
MD5

4645ee774d4191213ba90469f765b200
SHA1

b3510f9c344145c10c10117f56e30ebd534b425e
SHA256

a45341621c1e3e058096ae5b6829202aadb5bfd4b06dfa4a9e66249d2db500c9
SHA512

affb42ce81b55a7744f325b32c8c8c733fa2446e5debcb63a429ddd5290ca73f108744a00a555b8dc714ec1a3b659e372581390e9978b9b4f6382c49ff309fef

Score

8^/10

persistence spyware

Malware Config

Targets

- Target
  
  uncategorized_0.5.4.3.vir
- Size
  
  139KB
- MD5
  
  4645ee774d4191213ba90469f765b200
- SHA1
  
  b3510f9c344145c10c10117f56e30ebd534b425e
- SHA256
  
  a45341621c1e3e058096ae5b6829202aadb5bfd4b06dfa4a9e66249d2db500c9
- SHA512
  
  affb42ce81b55a7744f325b32c8c8c733fa2446e5debcb63a429ddd5290ca73f108744a00a555b8dc714ec1a3b659e372581390e9978b9b4f6382c49ff309fef
Score

8^/10

spyware persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarepersistence

behavioral2