b053532e2d9b12521c35bc62441e5280ecc7376676e53e2cb10450f3df97475e | Triage

Sharing

General

Target

b053532e2d9b12521c35bc62441e5280ecc7376676e53e2cb10450f3df97475e
Size

725KB
Sample

221020-n6askscge9
MD5

4185a0ebac66be79ea4863e74e8eaa90
SHA1

4dd1b7433c780cb6eee66f2776ee91ced30f55e3
SHA256

b053532e2d9b12521c35bc62441e5280ecc7376676e53e2cb10450f3df97475e
SHA512

25a78e51494d33341c1fbe9faa26ef76bbaff545bb920ad069a316d78c05de47fa2528248a78473aefa22f5c7e7d0a52b7eadd94dc0de05c7a497bda48a4b7af
SSDEEP

12288:sExXoG/3F0nLUlPIpTta7e/NU/3PwoNF7abOgHtkGG64Kg2o7ZmZcc1geFpBnKAP:sEx4e0YlItayK3fn70TKGG6PgEcXebJz

Score

10^/10

evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  b053532e2d9b12521c35bc62441e5280ecc7376676e53e2cb10450f3df97475e
- Size
  
  725KB
- MD5
  
  4185a0ebac66be79ea4863e74e8eaa90
- SHA1
  
  4dd1b7433c780cb6eee66f2776ee91ced30f55e3
- SHA256
  
  b053532e2d9b12521c35bc62441e5280ecc7376676e53e2cb10450f3df97475e
- SHA512
  
  25a78e51494d33341c1fbe9faa26ef76bbaff545bb920ad069a316d78c05de47fa2528248a78473aefa22f5c7e7d0a52b7eadd94dc0de05c7a497bda48a4b7af
- SSDEEP
  
  12288:sExXoG/3F0nLUlPIpTta7e/NU/3PwoNF7abOgHtkGG64Kg2o7ZmZcc1geFpBnKAP:sEx4e0YlItayK3fn70TKGG6PgEcXebJz
Score

10^/10

evasion persistence spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealertrojan

behavioral2

evasionpersistencetrojan