61b13ba149c9d9968c71277bb6f904837c1b3b498c7fd584675b461e79947ab6 | Triage

Sharing

General

Target

61b13ba149c9d9968c71277bb6f904837c1b3b498c7fd584675b461e79947ab6
Size

649KB
Sample

210511-x1cxgv2faa
MD5

f3f1f3f0cdf8808eafed30ec9c02affb
SHA1

18af6e012fd8f8e71dba08f9800e04d03905ddd2
SHA256

61b13ba149c9d9968c71277bb6f904837c1b3b498c7fd584675b461e79947ab6
SHA512

78635bd6f5b84133aacb87cb0430800d533779eb20295d6d20b214ba5348691560efd46a964c7fa2d8903eccc98745bcd31385cc73ea2e507e0417680d2fe358

Score

10^/10

evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  61b13ba149c9d9968c71277bb6f904837c1b3b498c7fd584675b461e79947ab6
- Size
  
  649KB
- MD5
  
  f3f1f3f0cdf8808eafed30ec9c02affb
- SHA1
  
  18af6e012fd8f8e71dba08f9800e04d03905ddd2
- SHA256
  
  61b13ba149c9d9968c71277bb6f904837c1b3b498c7fd584675b461e79947ab6
- SHA512
  
  78635bd6f5b84133aacb87cb0430800d533779eb20295d6d20b214ba5348691560efd46a964c7fa2d8903eccc98745bcd31385cc73ea2e507e0417680d2fe358
Score

10^/10

evasion persistence spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Hidden Files and Directories

Bypass User Account Control

Disabling Security Tools

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan