e9b641cc37cf5bef206662b32ea1376bdef9c49094ff6b69b6464ba844f7381a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9b641cc37cf5bef206662b32ea1376bdef9c49094ff6b69b6464ba844f7381a
Size

559KB
Sample

230422-23lmkaba3w
MD5

c997fb386e2b320d14a2a6734b8b5d98
SHA1

38226240c4c79b678c984e985f59f7cebff08c87
SHA256

e9b641cc37cf5bef206662b32ea1376bdef9c49094ff6b69b6464ba844f7381a
SHA512

cff99340ab23223c0e139c12188d937dd1c0bf8fdc2ffa886106c0a9e6ba8448653a23aef01b036cedf2097a8e7df8e76c297017c30613ffa5c3f33ad540cca3
SSDEEP

12288:1y90EUPb8M8U7xWhSpJ8k16uWeEcb/EsfunVpOvs3zT3nt:1yOSU7ZJ2uWjpHKmB

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  e9b641cc37cf5bef206662b32ea1376bdef9c49094ff6b69b6464ba844f7381a
- Size
  
  559KB
- MD5
  
  c997fb386e2b320d14a2a6734b8b5d98
- SHA1
  
  38226240c4c79b678c984e985f59f7cebff08c87
- SHA256
  
  e9b641cc37cf5bef206662b32ea1376bdef9c49094ff6b69b6464ba844f7381a
- SHA512
  
  cff99340ab23223c0e139c12188d937dd1c0bf8fdc2ffa886106c0a9e6ba8448653a23aef01b036cedf2097a8e7df8e76c297017c30613ffa5c3f33ad540cca3
- SSDEEP
  
  12288:1y90EUPb8M8U7xWhSpJ8k16uWeEcb/EsfunVpOvs3zT3nt:1yOSU7ZJ2uWjpHKmB
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan