aa2cec61461640a17747a7a24e09473f322a0449862080f029adf51e22e8eb6d | Triage

Sharing

General

Target

aa2cec61461640a17747a7a24e09473f322a0449862080f029adf51e22e8eb6d
Size

827KB
Sample

230419-rrnbxaba83
MD5

d9ae223716e9c6b01360ac79b5b67e77
SHA1

ddc823927ee9f9e5e2556d8fe7fed9a800774439
SHA256

aa2cec61461640a17747a7a24e09473f322a0449862080f029adf51e22e8eb6d
SHA512

14ac985a3919fb0fedefced83facb102ff0cadc74188c3c72404e5ae4bd515245774d4c61d07f8d9d32518d24a43042e672bbb36def558e38c2364697a2a8557
SSDEEP

24576:lygXQZHm6Tkb9QqZeOieaYtOXQThYt0VegmE:AgurYfhhaYtOXQTh1Tm

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  aa2cec61461640a17747a7a24e09473f322a0449862080f029adf51e22e8eb6d
- Size
  
  827KB
- MD5
  
  d9ae223716e9c6b01360ac79b5b67e77
- SHA1
  
  ddc823927ee9f9e5e2556d8fe7fed9a800774439
- SHA256
  
  aa2cec61461640a17747a7a24e09473f322a0449862080f029adf51e22e8eb6d
- SHA512
  
  14ac985a3919fb0fedefced83facb102ff0cadc74188c3c72404e5ae4bd515245774d4c61d07f8d9d32518d24a43042e672bbb36def558e38c2364697a2a8557
- SSDEEP
  
  24576:lygXQZHm6Tkb9QqZeOieaYtOXQThYt0VegmE:AgurYfhhaYtOXQTh1Tm
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan