8baef64e7e99be9eae669f1d2af78d40ec4a1807da7cdd7e80fb5a9787dadc92 | Triage

Sharing

General

Target

8baef64e7e99be9eae669f1d2af78d40ec4a1807da7cdd7e80fb5a9787dadc92
Size

327KB
Sample

210727-yjf2j1ywtn
MD5

a6ff10bf67216daf5ab754766452ffe7
SHA1

32ad072c26e0deeffd71de36e45d6c3505cce3ea
SHA256

8baef64e7e99be9eae669f1d2af78d40ec4a1807da7cdd7e80fb5a9787dadc92
SHA512

a2b0c9110588f19670390ce1ab9281a019c400e3a83b046afd55951cf24624217a035d921bda28e908a720a0afb2592f5d52258f1369bef887588cf67a4636d0

Score

10^/10

evasion spyware stealer trojan

Malware Config

Targets

- Target
  
  8baef64e7e99be9eae669f1d2af78d40ec4a1807da7cdd7e80fb5a9787dadc92
- Size
  
  327KB
- MD5
  
  a6ff10bf67216daf5ab754766452ffe7
- SHA1
  
  32ad072c26e0deeffd71de36e45d6c3505cce3ea
- SHA256
  
  8baef64e7e99be9eae669f1d2af78d40ec4a1807da7cdd7e80fb5a9787dadc92
- SHA512
  
  a2b0c9110588f19670390ce1ab9281a019c400e3a83b046afd55951cf24624217a035d921bda28e908a720a0afb2592f5d52258f1369bef887588cf67a4636d0
Score

10^/10

evasion spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealertrojan

behavioral2