5b952bf985fd96067d53c27f6b7322b16da25f3e71e6a2bda1a6dcb51dd72c6c | Triage

Sharing

General

Target

ð¦utoplð¦y.exe
Size

6.9MB
Sample

230109-f72zfsgf61
MD5

a69200b284447ee873c9c90f5d8dc559
SHA1

75651b61d2001081b9563f70694374a5a8e01c14
SHA256

5b952bf985fd96067d53c27f6b7322b16da25f3e71e6a2bda1a6dcb51dd72c6c
SHA512

355c20d06a4872d5bce1b1c4470c8972844094ddc3484bdf6450114068b4f5b097197f5f7bbec94c5c4b7932e4b0bfbaaae1493c8e28e8ba96c9982e5946b646
SSDEEP

196608:LGeBG6tJR1RyW/jiJSrS3YUTb167X5we2sLY8qafPcV62q/PhB:PBGs1csizByX5we2svquEV62iB

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  ð¦utoplð¦y.exe
- Size
  
  6.9MB
- MD5
  
  a69200b284447ee873c9c90f5d8dc559
- SHA1
  
  75651b61d2001081b9563f70694374a5a8e01c14
- SHA256
  
  5b952bf985fd96067d53c27f6b7322b16da25f3e71e6a2bda1a6dcb51dd72c6c
- SHA512
  
  355c20d06a4872d5bce1b1c4470c8972844094ddc3484bdf6450114068b4f5b097197f5f7bbec94c5c4b7932e4b0bfbaaae1493c8e28e8ba96c9982e5946b646
- SSDEEP
  
  196608:LGeBG6tJR1RyW/jiJSrS3YUTb167X5we2sLY8qafPcV62q/PhB:PBGs1csizByX5we2svquEV62iB
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer