2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6
Size

695KB
Sample

230421-25am3scf3s
MD5

30436baa6e7adc0a2d74848da5c0efc1
SHA1

74a9556a658e5b880fede4eed38d4a1b7f026cdf
SHA256

2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6
SHA512

3953aaa0793e85c37fd9c5122e2a4037a869b9c1aca8afa68c767f0aa7a5dd58efe3845e142fd42d72e34408719a7d09c237ef480765e28c913a3c42e0b26eb7
SSDEEP

12288:Sy90hPwQ4lprci33OEIoPGjtTesQTQGfBqFXYpcOBbf6jjp89Fe:Syy9WrcDEIIyTQUGpcXYptBbSjj2e

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6
- Size
  
  695KB
- MD5
  
  30436baa6e7adc0a2d74848da5c0efc1
- SHA1
  
  74a9556a658e5b880fede4eed38d4a1b7f026cdf
- SHA256
  
  2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6
- SHA512
  
  3953aaa0793e85c37fd9c5122e2a4037a869b9c1aca8afa68c767f0aa7a5dd58efe3845e142fd42d72e34408719a7d09c237ef480765e28c913a3c42e0b26eb7
- SSDEEP
  
  12288:Sy90hPwQ4lprci33OEIoPGjtTesQTQGfBqFXYpcOBbf6jjp89Fe:Syy9WrcDEIIyTQUGpcXYptBbSjj2e
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan