0e78160a0f128bdf85b2d24c1c2b5025b9832761be2c651e55bfd1301a526398 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

images.jpg

windows10-1703-x64

8

Resubmissions

13-04-2023 17:49

230413-wehywadb43 3

13-04-2023 17:47

230413-wcz5daed4x 3

13-04-2023 16:35

230413-t3tn6sea21 8

Sharing

General

Target

images.jpg
Size

5KB
Sample

230413-t3tn6sea21
MD5

66a3b72879baa39d00a1a837ef01ba88
SHA1

b8e9479468e2421d2110715adbc260d53a8e0b1f
SHA256

0e78160a0f128bdf85b2d24c1c2b5025b9832761be2c651e55bfd1301a526398
SHA512

5e271585c467fddce82181b62723c821e145d6af662d2f51f963bd1646801aeb0f80cbbe2fc6664aba9181ff7a86f5222406aa4b61bbb6c3c6acc22db3db3087
SSDEEP

96:vd/UsedgMupb+jadUOLnzUUlePBJ5bhQVZuxsLaXt1do7URgqB69Qv:hrdXdU8o/hMLaXt1S7Hqo0

Score

8^/10

discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

images.jpg

Resource

win10-20230220-en

discovery evasion persistence spyware stealer trojan

windows10-1703-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  images.jpg
- Size
  
  5KB
- MD5
  
  66a3b72879baa39d00a1a837ef01ba88
- SHA1
  
  b8e9479468e2421d2110715adbc260d53a8e0b1f
- SHA256
  
  0e78160a0f128bdf85b2d24c1c2b5025b9832761be2c651e55bfd1301a526398
- SHA512
  
  5e271585c467fddce82181b62723c821e145d6af662d2f51f963bd1646801aeb0f80cbbe2fc6664aba9181ff7a86f5222406aa4b61bbb6c3c6acc22db3db3087
- SSDEEP
  
  96:vd/UsedgMupb+jadUOLnzUUlePBJ5bhQVZuxsLaXt1do7URgqB69Qv:hrdXdU8o/hMLaXt1S7Hqo0
Score

8^/10

discovery evasion persistence spyware stealer trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy