471325daa2bc75f50856e93e9de088386556fc3ead653894d5c2a67f2a8b4975 | Triage

Resubmissions

01-07-2020 13:24

200701-3ayryqmz26 10

30-06-2020 05:41

200630-m1a6tbcjt2 10

Sharing

General

Target

data.bin
Size

119KB
Sample

200701-3ayryqmz26
MD5

f500854e3cf9556688203a3d869b7d6d
SHA1

281aab2eb26f31cf2255e2f5a467fc5eebda8df8
SHA256

471325daa2bc75f50856e93e9de088386556fc3ead653894d5c2a67f2a8b4975
SHA512

bccb54a68003bde3304dd6824f4bc6a3a5f06995a85bf371b1581fd00e0dc9ff40a1765594b61da9a2cbdf9c0372916a8694af2a66759a534b746981418101d4

Score

10^/10

discovery evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  data.bin
- Size
  
  119KB
- MD5
  
  f500854e3cf9556688203a3d869b7d6d
- SHA1
  
  281aab2eb26f31cf2255e2f5a467fc5eebda8df8
- SHA256
  
  471325daa2bc75f50856e93e9de088386556fc3ead653894d5c2a67f2a8b4975
- SHA512
  
  bccb54a68003bde3304dd6824f4bc6a3a5f06995a85bf371b1581fd00e0dc9ff40a1765594b61da9a2cbdf9c0372916a8694af2a66759a534b746981418101d4
Score

10^/10

spyware persistence evasion trojan discovery
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks for installed software on the system
  discovery
- Enumerates connected drives
- Modifies system certificate store
  evasion spyware trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarepersistenceevasiontrojandiscovery