954a58037160d74d3016192c523e7790d04f9ff61e57df54f7550b728457eebc | Triage

Sharing

General

Target

954a58037160d74d3016192c523e7790d04f9ff61e57df54f7550b728457eebc
Size

826KB
Sample

230420-bx49lsef76
MD5

42f9f327087e8ea9bd291ca1a25b8a84
SHA1

f4b1079da11b5783897c43e030931f67471d4c98
SHA256

954a58037160d74d3016192c523e7790d04f9ff61e57df54f7550b728457eebc
SHA512

95f2958d7f6fb778f2d9622f9af23e21f078b5df7625d49932bca4a9e376aaf44566265df950b5a764f00aa491a5dff7bfb541b3e69604dcefa6b5a668b71fce
SSDEEP

24576:uy+fZYpgz1wBIXkv2v26wL9xaB9WWr3uG:9+fZwgxcTv2v26w+l

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  954a58037160d74d3016192c523e7790d04f9ff61e57df54f7550b728457eebc
- Size
  
  826KB
- MD5
  
  42f9f327087e8ea9bd291ca1a25b8a84
- SHA1
  
  f4b1079da11b5783897c43e030931f67471d4c98
- SHA256
  
  954a58037160d74d3016192c523e7790d04f9ff61e57df54f7550b728457eebc
- SHA512
  
  95f2958d7f6fb778f2d9622f9af23e21f078b5df7625d49932bca4a9e376aaf44566265df950b5a764f00aa491a5dff7bfb541b3e69604dcefa6b5a668b71fce
- SSDEEP
  
  24576:uy+fZYpgz1wBIXkv2v26wL9xaB9WWr3uG:9+fZwgxcTv2v26w+l
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan