809d5f3432c33cb3743c45178e8136ba43fe7058232694aab19e7d2674f6e988 | Triage

Sharing

General

Target

809d5f3432c33cb3743c45178e8136ba43fe7058232694aab19e7d2674f6e988
Size

1.1MB
Sample

230420-jl9nysgd49
MD5

04a5152da06190db2d11b3fdb8be7f63
SHA1

dba67fed7755524ef1ded36807fdfb9bac240918
SHA256

809d5f3432c33cb3743c45178e8136ba43fe7058232694aab19e7d2674f6e988
SHA512

4b8158fdd3a960a8ca7df590ac85b1fbf62ddf1a87eecc5a550d76f98719af99bd792a518469584b3981eb592a1c65c2a91b15494584273f66666b23fd78beaf
SSDEEP

24576:SyXAO9CAkdQ1LXRdEXyHyP3UpIna5KNWdcUburqtdI71H0:5XL01y1LCyHyPEpInVNeTuWty

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  809d5f3432c33cb3743c45178e8136ba43fe7058232694aab19e7d2674f6e988
- Size
  
  1.1MB
- MD5
  
  04a5152da06190db2d11b3fdb8be7f63
- SHA1
  
  dba67fed7755524ef1ded36807fdfb9bac240918
- SHA256
  
  809d5f3432c33cb3743c45178e8136ba43fe7058232694aab19e7d2674f6e988
- SHA512
  
  4b8158fdd3a960a8ca7df590ac85b1fbf62ddf1a87eecc5a550d76f98719af99bd792a518469584b3981eb592a1c65c2a91b15494584273f66666b23fd78beaf
- SSDEEP
  
  24576:SyXAO9CAkdQ1LXRdEXyHyP3UpIna5KNWdcUburqtdI71H0:5XL01y1LCyHyPEpInVNeTuWty
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan