90255deee9292b4940ade8255f50993321c3df1a643794409b9a9a3e44257a29 | Triage

Sharing

General

Target

90255deee9292b4940ade8255f50993321c3df1a643794409b9a9a3e44257a29
Size

446KB
Sample

221011-nsj44acef2
MD5

63040725dc8d3dca1755d21cc7c4c340
SHA1

f9a8adfdef8c2554d598063b1a2848253cee0065
SHA256

90255deee9292b4940ade8255f50993321c3df1a643794409b9a9a3e44257a29
SHA512

e2ab3bf2e1278560328b29b0479d0c0f861c6badd252daf41815668804c9e9f579a8b0694ebaef5cdfa7d5db161a33315ca5a6c416b77a543c738e4bc4c79cf3
SSDEEP

12288:/jpjS2ATtV7pWnmE+/+t3QmD0uXZwGci6RRmctzfgHGe3UJy6/Ptqq+:/l9ATtCmhSZODRDtzfgHGeB6/VV+

Score

10^/10

evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  90255deee9292b4940ade8255f50993321c3df1a643794409b9a9a3e44257a29
- Size
  
  446KB
- MD5
  
  63040725dc8d3dca1755d21cc7c4c340
- SHA1
  
  f9a8adfdef8c2554d598063b1a2848253cee0065
- SHA256
  
  90255deee9292b4940ade8255f50993321c3df1a643794409b9a9a3e44257a29
- SHA512
  
  e2ab3bf2e1278560328b29b0479d0c0f861c6badd252daf41815668804c9e9f579a8b0694ebaef5cdfa7d5db161a33315ca5a6c416b77a543c738e4bc4c79cf3
- SSDEEP
  
  12288:/jpjS2ATtV7pWnmE+/+t3QmD0uXZwGci6RRmctzfgHGe3UJy6/Ptqq+:/l9ATtCmhSZODRDtzfgHGeB6/VV+
Score

10^/10

evasion persistence spyware stealer trojan
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan