0a65f4f7f01c68c4ce0732464990129711dbd244c3bf73b8afac87befbb97222 | Triage

Sharing

General

Target

0a65f4f7f01c68c4ce0732464990129711dbd244c3bf73b8afac87befbb97222
Size

695KB
Sample

230421-1g42caca2v
MD5

8af94d80cb4187461f5ba1dc6b702231
SHA1

8da32b14bc0dde9890fe0ec9a1b88c41c38f2ee9
SHA256

0a65f4f7f01c68c4ce0732464990129711dbd244c3bf73b8afac87befbb97222
SHA512

c40189d5ce044823ac817a08f76d104c1298191e049e969d8332b0b20bdd0edb5ee84e278ec570e2a6b2408d550ab80b98c12653a012da0d9b2cfbc59bbfb47a
SSDEEP

12288:Vy906ACoR5dINQrI1zuJWA83R6/gSMvpj5QO0T7D3daXxVBbLtH:VyKCyItzV5R6/gQjO7RR

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  0a65f4f7f01c68c4ce0732464990129711dbd244c3bf73b8afac87befbb97222
- Size
  
  695KB
- MD5
  
  8af94d80cb4187461f5ba1dc6b702231
- SHA1
  
  8da32b14bc0dde9890fe0ec9a1b88c41c38f2ee9
- SHA256
  
  0a65f4f7f01c68c4ce0732464990129711dbd244c3bf73b8afac87befbb97222
- SHA512
  
  c40189d5ce044823ac817a08f76d104c1298191e049e969d8332b0b20bdd0edb5ee84e278ec570e2a6b2408d550ab80b98c12653a012da0d9b2cfbc59bbfb47a
- SSDEEP
  
  12288:Vy906ACoR5dINQrI1zuJWA83R6/gSMvpj5QO0T7D3daXxVBbLtH:VyKCyItzV5R6/gQjO7RR
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan