25eaa2a06a4eb95432c357752c1868e946a803ba680e1b57f89cda22e05a0dfd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25eaa2a06a4eb95432c357752c1868e946a803ba680e1b57f89cda22e05a0dfd
Size

827KB
Sample

230419-2pp3tsfg4v
MD5

578d0cb52358fe12bcfb3aa54880e963
SHA1

289f3d72df5e144ec8d8edb33514352bac0eb513
SHA256

25eaa2a06a4eb95432c357752c1868e946a803ba680e1b57f89cda22e05a0dfd
SHA512

4e49ae4e786a30afb0f326b4fc2cae90a83ba7392750f8a7bd4dbf2cbd41073e2ffd382e8ecc9fc77fd0ffcb8a7664aac3f2a3f115ff74c4310fafacd641c632
SSDEEP

12288:gy90FCwZoCBGSd/iMQA26HSAT6oKcp90687t85ncI2A5TOMaEvM2h0y:gylAzzN526yAfK29WUnQAVt0y

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  25eaa2a06a4eb95432c357752c1868e946a803ba680e1b57f89cda22e05a0dfd
- Size
  
  827KB
- MD5
  
  578d0cb52358fe12bcfb3aa54880e963
- SHA1
  
  289f3d72df5e144ec8d8edb33514352bac0eb513
- SHA256
  
  25eaa2a06a4eb95432c357752c1868e946a803ba680e1b57f89cda22e05a0dfd
- SHA512
  
  4e49ae4e786a30afb0f326b4fc2cae90a83ba7392750f8a7bd4dbf2cbd41073e2ffd382e8ecc9fc77fd0ffcb8a7664aac3f2a3f115ff74c4310fafacd641c632
- SSDEEP
  
  12288:gy90FCwZoCBGSd/iMQA26HSAT6oKcp90687t85ncI2A5TOMaEvM2h0y:gylAzzN526yAfK29WUnQAVt0y
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan