0f4d3f936d3f4ff0520ba7ff936682881c072ec884c41c5dc486eb8caa10bb5b | Triage

Sharing

General

Target

0f4d3f936d3f4ff0520ba7ff936682881c072ec884c41c5dc486eb8caa10bb5b
Size

939KB
Sample

230418-vv34baeg2s
MD5

810283a193de646cf201c1495fea650d
SHA1

ba942f9d638a2ac30d675569513f668e781fb22c
SHA256

0f4d3f936d3f4ff0520ba7ff936682881c072ec884c41c5dc486eb8caa10bb5b
SHA512

7a05f86b3e1d551abcb2b661a1b9a9ba0e529524b2318ce810165f273799a15fc477be2076d58c3b2f6e42b438ff04f1c0f9fd2835d3593caf43684dd754adda
SSDEEP

24576:EyZqFcAH2v3W0NxDHHCSmEr4owQyK6lXGInJ2LY:TUcAWP5DnCSFLwBnl2gJ

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  0f4d3f936d3f4ff0520ba7ff936682881c072ec884c41c5dc486eb8caa10bb5b
- Size
  
  939KB
- MD5
  
  810283a193de646cf201c1495fea650d
- SHA1
  
  ba942f9d638a2ac30d675569513f668e781fb22c
- SHA256
  
  0f4d3f936d3f4ff0520ba7ff936682881c072ec884c41c5dc486eb8caa10bb5b
- SHA512
  
  7a05f86b3e1d551abcb2b661a1b9a9ba0e529524b2318ce810165f273799a15fc477be2076d58c3b2f6e42b438ff04f1c0f9fd2835d3593caf43684dd754adda
- SSDEEP
  
  24576:EyZqFcAH2v3W0NxDHHCSmEr4owQyK6lXGInJ2LY:TUcAWP5DnCSFLwBnl2gJ
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan