74d74e7da724014c17890327f3464b435314f480eb46553723ce0766941b38da | Triage

Sharing

General

Target

Mopigyo.exe
Size

546KB
Sample

200709-twynh4tqsn
MD5

790d5b40c6c93e4b5b404c61de360acc
SHA1

a50f19294e5553b62f26792c43b5ee1d94efe04e
SHA256

74d74e7da724014c17890327f3464b435314f480eb46553723ce0766941b38da
SHA512

57bfba46ac49d674fd09332d055c9be45112dc53805e4e102f748a65b016cbc62459a7cebb257a993afb022eb9c35a33f68c5ebd4009c0979497626b4e7c6626

Score

8^/10

evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  Mopigyo.exe
- Size
  
  546KB
- MD5
  
  790d5b40c6c93e4b5b404c61de360acc
- SHA1
  
  a50f19294e5553b62f26792c43b5ee1d94efe04e
- SHA256
  
  74d74e7da724014c17890327f3464b435314f480eb46553723ce0766941b38da
- SHA512
  
  57bfba46ac49d674fd09332d055c9be45112dc53805e4e102f748a65b016cbc62459a7cebb257a993afb022eb9c35a33f68c5ebd4009c0979497626b4e7c6626
Score

8^/10

spyware evasion trojan persistence
- Adds Run entry to policy start application
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

spywareevasiontrojanpersistence

behavioral2

persistencespyware