6abdfeb8f29321a4881248f4142a804a391ce2e4c9c9547f4db448555934046f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6abdfeb8f29321a4881248f4142a804a391ce2e4c9c9547f4db448555934046f
Size

1.2MB
Sample

230420-3z77tsda54
MD5

17bc500392903985a498d6d4ef8107c9
SHA1

8561b51eb3078d1700514dbd9e8b4757fa421ab2
SHA256

6abdfeb8f29321a4881248f4142a804a391ce2e4c9c9547f4db448555934046f
SHA512

260802ece3cde176689b0ab7a1e3ff6d80e41aea3711b60ccfe51814035c3166413913301c4b2dfc0d97c100e3af6df81a0e6b035f268448f6309a7b3154321b
SSDEEP

24576:Zy0h2X6Cft0dIH+zNzEzKNQ4i8XYc9BldXEg3amav/BVTZDw5h:MU2XTWdI2ZEzWQmY4J9Kf//Rw5

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  6abdfeb8f29321a4881248f4142a804a391ce2e4c9c9547f4db448555934046f
- Size
  
  1.2MB
- MD5
  
  17bc500392903985a498d6d4ef8107c9
- SHA1
  
  8561b51eb3078d1700514dbd9e8b4757fa421ab2
- SHA256
  
  6abdfeb8f29321a4881248f4142a804a391ce2e4c9c9547f4db448555934046f
- SHA512
  
  260802ece3cde176689b0ab7a1e3ff6d80e41aea3711b60ccfe51814035c3166413913301c4b2dfc0d97c100e3af6df81a0e6b035f268448f6309a7b3154321b
- SSDEEP
  
  24576:Zy0h2X6Cft0dIH+zNzEzKNQ4i8XYc9BldXEg3amav/BVTZDw5h:MU2XTWdI2ZEzWQmY4J9Kf//Rw5
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan