0252dd9e7c17c6bb45ad204bb3b1c2b6f3b8cb104852b6faecc0074333b09750 | Triage

Sharing

General

Target

0252dd9e7c17c6bb45ad204bb3b1c2b6f3b8cb104852b6faecc0074333b09750
Size

923KB
Sample

230420-311jdaeh9v
MD5

299a343c4aac9624f1a5b8b0d9d4dbe9
SHA1

ba805e5ece4836c40476bc60b5ce8773e40606b4
SHA256

0252dd9e7c17c6bb45ad204bb3b1c2b6f3b8cb104852b6faecc0074333b09750
SHA512

9a15f94b81a62e8de498bc8b602e6496d785308200d7f399fca78e846a54eb0a03317097db102f2da5bc098c026de2e21d48caa387cbf88ae25bad8546f70aa1
SSDEEP

24576:+yNvPrcWtrm0+80mnJWFzYsp8yEeYvWGd:NNvgqrmcwFYsiyEe

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  0252dd9e7c17c6bb45ad204bb3b1c2b6f3b8cb104852b6faecc0074333b09750
- Size
  
  923KB
- MD5
  
  299a343c4aac9624f1a5b8b0d9d4dbe9
- SHA1
  
  ba805e5ece4836c40476bc60b5ce8773e40606b4
- SHA256
  
  0252dd9e7c17c6bb45ad204bb3b1c2b6f3b8cb104852b6faecc0074333b09750
- SHA512
  
  9a15f94b81a62e8de498bc8b602e6496d785308200d7f399fca78e846a54eb0a03317097db102f2da5bc098c026de2e21d48caa387cbf88ae25bad8546f70aa1
- SSDEEP
  
  24576:+yNvPrcWtrm0+80mnJWFzYsp8yEeYvWGd:NNvgqrmcwFYsiyEe
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan