da4d0b3815275f086f7f8083be092dd05086f1f844a0b24bdc87affea76c8fba | Triage

Submit
Reports

Overview

overview

7

Static

static

3

da4d0b3815...ba.exe

windows7-x64

7

da4d0b3815...ba.exe

windows10-2004-x64

7

Sharing

General

Target

da4d0b3815275f086f7f8083be092dd05086f1f844a0b24bdc87affea76c8fba
Size

3.2MB
Sample

240701-dzdwjsyaqk
MD5

ed5b27e7236928dfea15258778557f3a
SHA1

e8fbc9d9a3dd0c81b70c0f69f6491199ad2ef167
SHA256

da4d0b3815275f086f7f8083be092dd05086f1f844a0b24bdc87affea76c8fba
SHA512

23fc5b9dd228baab034d5202af781b8b86faa0f03416ae8893f6081cc4aa593b583c729dcae7a8785df39c32f44ba803f351c310d685d475db12eb6dcc59b64f
SSDEEP

49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBzB/bSqz8:sxX7QnxrloE5dpUpkbVz8

Score

7^/10

persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

da4d0b3815275f086f7f8083be092dd05086f1f844a0b24bdc87affea76c8fba.exe

Resource

win7-20240508-en

persistence spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

da4d0b3815275f086f7f8083be092dd05086f1f844a0b24bdc87affea76c8fba.exe

Resource

win10v2004-20240611-en

persistence spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  da4d0b3815275f086f7f8083be092dd05086f1f844a0b24bdc87affea76c8fba
- Size
  
  3.2MB
- MD5
  
  ed5b27e7236928dfea15258778557f3a
- SHA1
  
  e8fbc9d9a3dd0c81b70c0f69f6491199ad2ef167
- SHA256
  
  da4d0b3815275f086f7f8083be092dd05086f1f844a0b24bdc87affea76c8fba
- SHA512
  
  23fc5b9dd228baab034d5202af781b8b86faa0f03416ae8893f6081cc4aa593b583c729dcae7a8785df39c32f44ba803f351c310d685d475db12eb6dcc59b64f
- SSDEEP
  
  49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBzB/bSqz8:sxX7QnxrloE5dpUpkbVz8
Score

7^/10

persistence spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy