1c2f647815388dff672044893e438f750b50c05dec25e4e5611d61223d3da3ff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c2f647815388dff672044893e438f750b50c05dec25e4e5611d61223d3da3ff
Size

938KB
Sample

230418-rvnrvadg6w
MD5

61a63610021d7eb68a0ba08d2beb7edd
SHA1

fac398ca09c9713ca8f255a4f5c8a74e5c2965f7
SHA256

1c2f647815388dff672044893e438f750b50c05dec25e4e5611d61223d3da3ff
SHA512

8221a2d94cd61a7e3df01d5202da2d1e612281fcf797628cd41e3639965ac6c5b0367ab45ec993e2733a96a58f6efb377667416b027c30ce8634a5ce2faf7c84
SSDEEP

24576:QyI9jUoWeRXzvC9wi4cFDK0ZHkE1fQ8svNi0GJB:XI9QoWeRjvS4UKOJfGNi0GJ

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  1c2f647815388dff672044893e438f750b50c05dec25e4e5611d61223d3da3ff
- Size
  
  938KB
- MD5
  
  61a63610021d7eb68a0ba08d2beb7edd
- SHA1
  
  fac398ca09c9713ca8f255a4f5c8a74e5c2965f7
- SHA256
  
  1c2f647815388dff672044893e438f750b50c05dec25e4e5611d61223d3da3ff
- SHA512
  
  8221a2d94cd61a7e3df01d5202da2d1e612281fcf797628cd41e3639965ac6c5b0367ab45ec993e2733a96a58f6efb377667416b027c30ce8634a5ce2faf7c84
- SSDEEP
  
  24576:QyI9jUoWeRXzvC9wi4cFDK0ZHkE1fQ8svNi0GJB:XI9QoWeRjvS4UKOJfGNi0GJ
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan