67e98c2c9f6ccbcedbd45c230be1717fdee6ee2763101b85aa13a5578dd5885d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67e98c2c9f6ccbcedbd45c230be1717fdee6ee2763101b85aa13a5578dd5885d
Size

1.1MB
Sample

230418-3m8b3agg5y
MD5

7c14f6dbc7979e29e0d09afa65800d9b
SHA1

c91c49bebce43dfd9d6adf651056a1f51e02fa96
SHA256

67e98c2c9f6ccbcedbd45c230be1717fdee6ee2763101b85aa13a5578dd5885d
SHA512

01371e90dfec505d414e0e35d876630f77a1a3dc93034f8ff960dcd6b67ffb477c840b18e22d59d13f06b2dbc9b6dd0b8f71960ee91c3e15d82cf42d874b5606
SSDEEP

24576:nyrdtLaKQutPaQ99NsTeo64lgKfS4f2o95Aanm3FThGv/:yr+KQuRaQ9kBTlgZq99Kam3FTEv

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  67e98c2c9f6ccbcedbd45c230be1717fdee6ee2763101b85aa13a5578dd5885d
- Size
  
  1.1MB
- MD5
  
  7c14f6dbc7979e29e0d09afa65800d9b
- SHA1
  
  c91c49bebce43dfd9d6adf651056a1f51e02fa96
- SHA256
  
  67e98c2c9f6ccbcedbd45c230be1717fdee6ee2763101b85aa13a5578dd5885d
- SHA512
  
  01371e90dfec505d414e0e35d876630f77a1a3dc93034f8ff960dcd6b67ffb477c840b18e22d59d13f06b2dbc9b6dd0b8f71960ee91c3e15d82cf42d874b5606
- SSDEEP
  
  24576:nyrdtLaKQutPaQ99NsTeo64lgKfS4f2o95Aanm3FThGv/:yr+KQuRaQ9kBTlgZq99Kam3FTEv
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan