51b2fe7ed5d6da110fe512ac143f26b29b8819b25f4540e93825d310d60d2511 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6dd7773f1243d53e392e0d6c8f2c9b6d.exe
Size

546KB
Sample

200709-pled2ybbhj
MD5

6dd7773f1243d53e392e0d6c8f2c9b6d
SHA1

20623a673280a1170bf2c06de4395e598db0b3eb
SHA256

51b2fe7ed5d6da110fe512ac143f26b29b8819b25f4540e93825d310d60d2511
SHA512

7767efa2ab0c0729dad5c140a1b87fc2b38b5e1b335f120b68828bd6fb6e775f7df3702788c25a2941c855e9fa493e7927206df44d7eb179b81a91751900cfde

Score

7^/10

evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  6dd7773f1243d53e392e0d6c8f2c9b6d.exe
- Size
  
  546KB
- MD5
  
  6dd7773f1243d53e392e0d6c8f2c9b6d
- SHA1
  
  20623a673280a1170bf2c06de4395e598db0b3eb
- SHA256
  
  51b2fe7ed5d6da110fe512ac143f26b29b8819b25f4540e93825d310d60d2511
- SHA512
  
  7767efa2ab0c0729dad5c140a1b87fc2b38b5e1b335f120b68828bd6fb6e775f7df3702788c25a2941c855e9fa493e7927206df44d7eb179b81a91751900cfde
Score

7^/10

persistence spyware evasion trojan
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywareevasiontrojan

behavioral2

spywarepersistence