a37056b2133e408dc7f097cd71ceb0ea46dcd7a19096fcf2cc4f09c096481530 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a37056b2133e408dc7f097cd71ceb0ea46dcd7a19096fcf2cc4f09c096481530
Size

1.0MB
Sample

230420-ztq5kscc87
MD5

5c6121d6e35c966fe9c11feee0375651
SHA1

6affcc58aa267baa8e7c6dbe30ff2f34fa94cd8e
SHA256

a37056b2133e408dc7f097cd71ceb0ea46dcd7a19096fcf2cc4f09c096481530
SHA512

924516338736da0a6521d438e76e1671dd1cd4c8576c2890de259a0dc03794b6e124841eb586b2d7ed7df2c3204550e11a5ef97216e0ed4380f625c6850bba67
SSDEEP

24576:RyeOdHUGlPL79+5P4CE8SY6ui8y72UxZaNKpNlpoyUeGrrr:ETJLs5P4CEnYpy7y4luy/GP

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  a37056b2133e408dc7f097cd71ceb0ea46dcd7a19096fcf2cc4f09c096481530
- Size
  
  1.0MB
- MD5
  
  5c6121d6e35c966fe9c11feee0375651
- SHA1
  
  6affcc58aa267baa8e7c6dbe30ff2f34fa94cd8e
- SHA256
  
  a37056b2133e408dc7f097cd71ceb0ea46dcd7a19096fcf2cc4f09c096481530
- SHA512
  
  924516338736da0a6521d438e76e1671dd1cd4c8576c2890de259a0dc03794b6e124841eb586b2d7ed7df2c3204550e11a5ef97216e0ed4380f625c6850bba67
- SSDEEP
  
  24576:RyeOdHUGlPL79+5P4CE8SY6ui8y72UxZaNKpNlpoyUeGrrr:ETJLs5P4CEnYpy7y4luy/GP
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan