4ce5dda2c3d39cc6c22058add4b64fbedc20f11ba06768b0a3b959f20c88f5fa | Triage

Sharing

General

Target

XINOF.exe
Size

561KB
Sample

200712-55dcwcmw3n
MD5

ff23cd4f45d231f8af9f23a2e730bee6
SHA1

0eea13dc19ab5de9ec7ffd81ef89bddf5994f6ef
SHA256

4ce5dda2c3d39cc6c22058add4b64fbedc20f11ba06768b0a3b959f20c88f5fa
SHA512

78c90354ca919c7bdce56034b1a432e7c3a0860b9faf9d351f74c50c3a8521c343a29d5c9c8babbedcc741acdc4138dc6e3cdc2c8e337f97ed5b99cf583102e8

Score

8^/10

discovery evasion persistence spyware

Malware Config

Targets

- Target
  
  XINOF.exe
- Size
  
  561KB
- MD5
  
  ff23cd4f45d231f8af9f23a2e730bee6
- SHA1
  
  0eea13dc19ab5de9ec7ffd81ef89bddf5994f6ef
- SHA256
  
  4ce5dda2c3d39cc6c22058add4b64fbedc20f11ba06768b0a3b959f20c88f5fa
- SHA512
  
  78c90354ca919c7bdce56034b1a432e7c3a0860b9faf9d351f74c50c3a8521c343a29d5c9c8babbedcc741acdc4138dc6e3cdc2c8e337f97ed5b99cf583102e8
Score

8^/10

spyware persistence evasion discovery
- Disables Task Manager via registry modification
  evasion
- Drops startup file
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File Permissions Modification

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarepersistenceevasiondiscovery

behavioral2

persistenceevasiondiscovery