6fdad960a3c480457cd0a1b650e47388b6979e41cc58d4269c97e15719ce2068 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fdad960a3c480457cd0a1b650e47388b6979e41cc58d4269c97e15719ce2068
Size

1.3MB
Sample

230419-3vsataga4y
MD5

f51f49ad31624496dff5ce6ad78a0b3b
SHA1

f8e3db7c1678de43fe187bcb621fb563101a950f
SHA256

6fdad960a3c480457cd0a1b650e47388b6979e41cc58d4269c97e15719ce2068
SHA512

e092b969794d2dea4bc108202ca9b305ff4ee8832108c2f717126979dec6ff3146ac589e3c321ae19e4833638f02a206efda34f042b43f9398d9d6038eccc222
SSDEEP

24576:JyiOCv/RRV4WAzRjIIQhszzTB/BvsFQari0lKI+PggPmXPPuD2KUjEQ:85KR+VcLGzTB/Kxri0l3guXPTKUo

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  6fdad960a3c480457cd0a1b650e47388b6979e41cc58d4269c97e15719ce2068
- Size
  
  1.3MB
- MD5
  
  f51f49ad31624496dff5ce6ad78a0b3b
- SHA1
  
  f8e3db7c1678de43fe187bcb621fb563101a950f
- SHA256
  
  6fdad960a3c480457cd0a1b650e47388b6979e41cc58d4269c97e15719ce2068
- SHA512
  
  e092b969794d2dea4bc108202ca9b305ff4ee8832108c2f717126979dec6ff3146ac589e3c321ae19e4833638f02a206efda34f042b43f9398d9d6038eccc222
- SSDEEP
  
  24576:JyiOCv/RRV4WAzRjIIQhszzTB/BvsFQari0lKI+PggPmXPPuD2KUjEQ:85KR+VcLGzTB/Kxri0l3guXPTKUo
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan