d8ce0919ec372c1832b76b80422ef639d5f3276c6398c4ff1869997b153268dd | Triage

Sharing

General

Target

d8ce0919ec372c1832b76b80422ef639d5f3276c6398c4ff1869997b153268dd
Size

705KB
Sample

230422-a7rwladb4w
MD5

62f7f6a9c85a807b9e86dca4a7f4ef26
SHA1

781435b7cf04da69e4f0eb017b9bc922cebf4537
SHA256

d8ce0919ec372c1832b76b80422ef639d5f3276c6398c4ff1869997b153268dd
SHA512

c20c1a32af3e10f555fb37dd3eb2f814f0d8aa355b4b086cea682fe2551648f064101aae8faee61413037ca086e8916e44da953f0d4afbaf57c4e426d6dea386
SSDEEP

12288:by90ZkR2sgMGt2rTl+VQ1kuu5f9q5Ak+J0s1grniUFOltx7TyKGl:byhURMGQTlhjcNCsbUF+H7OKGl

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  d8ce0919ec372c1832b76b80422ef639d5f3276c6398c4ff1869997b153268dd
- Size
  
  705KB
- MD5
  
  62f7f6a9c85a807b9e86dca4a7f4ef26
- SHA1
  
  781435b7cf04da69e4f0eb017b9bc922cebf4537
- SHA256
  
  d8ce0919ec372c1832b76b80422ef639d5f3276c6398c4ff1869997b153268dd
- SHA512
  
  c20c1a32af3e10f555fb37dd3eb2f814f0d8aa355b4b086cea682fe2551648f064101aae8faee61413037ca086e8916e44da953f0d4afbaf57c4e426d6dea386
- SSDEEP
  
  12288:by90ZkR2sgMGt2rTl+VQ1kuu5f9q5Ak+J0s1grniUFOltx7TyKGl:byhURMGQTlhjcNCsbUF+H7OKGl
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan