3901f2f410e517d6a06875a9a99f5eee28f57c93c9fde455cc8824f44257ee64 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3901f2f410e517d6a06875a9a99f5eee28f57c93c9fde455cc8824f44257ee64
Size

828KB
Sample

230420-ewmvqafd96
MD5

eb234fb02acda7271a11bc1da7e4b0fd
SHA1

87c8ed9295be465fd007c114c4f30ce17747e848
SHA256

3901f2f410e517d6a06875a9a99f5eee28f57c93c9fde455cc8824f44257ee64
SHA512

f8a154a465305ca575201545f6d71b79cc0df031497acc136098cd932365a7522bb970737a3edf13c595320ffcc387612d07cc011fda70d583c0255772d4db9b
SSDEEP

12288:7y90RNonn+DncG12mgFC7ENTxJpN65hdhGAteax7lh8NZP0qC28UjnBoSZzC+k9Q:7yN+hcmmC2TbeMyeax7lIhbUU76SB8Q

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  3901f2f410e517d6a06875a9a99f5eee28f57c93c9fde455cc8824f44257ee64
- Size
  
  828KB
- MD5
  
  eb234fb02acda7271a11bc1da7e4b0fd
- SHA1
  
  87c8ed9295be465fd007c114c4f30ce17747e848
- SHA256
  
  3901f2f410e517d6a06875a9a99f5eee28f57c93c9fde455cc8824f44257ee64
- SHA512
  
  f8a154a465305ca575201545f6d71b79cc0df031497acc136098cd932365a7522bb970737a3edf13c595320ffcc387612d07cc011fda70d583c0255772d4db9b
- SSDEEP
  
  12288:7y90RNonn+DncG12mgFC7ENTxJpN65hdhGAteax7lh8NZP0qC28UjnBoSZzC+k9Q:7yN+hcmmC2TbeMyeax7lIhbUU76SB8Q
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan