994aae5bed038d43c167620bbd22ac95ca67e34aeea62e0fd105ad25486ea8a5 | Triage

Sharing

General

Target

994aae5bed038d43c167620bbd22ac95ca67e34aeea62e0fd105ad25486ea8a5
Size

1.1MB
Sample

230418-smq3nscc45
MD5

6c961f09e59def11ba536a101adb3a66
SHA1

92212d70282c742d2ea4ee533c8975860c9f7450
SHA256

994aae5bed038d43c167620bbd22ac95ca67e34aeea62e0fd105ad25486ea8a5
SHA512

3149991d372941e498e6de45e67916f90b5aecb0cf72bced518dd654ed48fcdaa2ebeda21e91eeb865e51f9960ce22b0a9fab1499f16538f2754e8d4e8199f72
SSDEEP

24576:by23hXt9gywAFWQt/fTK9ZrFPrZe8daITt54aZ:O0FgywINKTrBIbmr4

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  994aae5bed038d43c167620bbd22ac95ca67e34aeea62e0fd105ad25486ea8a5
- Size
  
  1.1MB
- MD5
  
  6c961f09e59def11ba536a101adb3a66
- SHA1
  
  92212d70282c742d2ea4ee533c8975860c9f7450
- SHA256
  
  994aae5bed038d43c167620bbd22ac95ca67e34aeea62e0fd105ad25486ea8a5
- SHA512
  
  3149991d372941e498e6de45e67916f90b5aecb0cf72bced518dd654ed48fcdaa2ebeda21e91eeb865e51f9960ce22b0a9fab1499f16538f2754e8d4e8199f72
- SSDEEP
  
  24576:by23hXt9gywAFWQt/fTK9ZrFPrZe8daITt54aZ:O0FgywINKTrBIbmr4
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan