2a286b5636b83346d0330ec3db01d4c5b7cbf08f26eb83755ed68d8ff36290e1 | Triage

Sharing

General

Target

2a286b5636b83346d0330ec3db01d4c5b7cbf08f26eb83755ed68d8ff36290e1
Size

965KB
Sample

230422-csr9xsbh56
MD5

50f39440525dc1eb7fc72385c7b3fc70
SHA1

2aa52b4f491c5a05a1e1a6522b894d610fa8631c
SHA256

2a286b5636b83346d0330ec3db01d4c5b7cbf08f26eb83755ed68d8ff36290e1
SHA512

a92802bc367f0b4844e22dc02ca6c2813844cc6570b1391be3a3eea62c4112f08acb0ee73c50efaddf7d221ec7845c35f4ebb760c4fbddbd368059404629d6e5
SSDEEP

12288:+y90lxesi8fzbRJtwGDaHX5ScBK1c3Aig8sgrofUTOQxe1EJ7VmO7wbtcoEuVM7W:+yCesiUzXtrn1c7uUTbj7v7KZrM7xFO

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  2a286b5636b83346d0330ec3db01d4c5b7cbf08f26eb83755ed68d8ff36290e1
- Size
  
  965KB
- MD5
  
  50f39440525dc1eb7fc72385c7b3fc70
- SHA1
  
  2aa52b4f491c5a05a1e1a6522b894d610fa8631c
- SHA256
  
  2a286b5636b83346d0330ec3db01d4c5b7cbf08f26eb83755ed68d8ff36290e1
- SHA512
  
  a92802bc367f0b4844e22dc02ca6c2813844cc6570b1391be3a3eea62c4112f08acb0ee73c50efaddf7d221ec7845c35f4ebb760c4fbddbd368059404629d6e5
- SSDEEP
  
  12288:+y90lxesi8fzbRJtwGDaHX5ScBK1c3Aig8sgrofUTOQxe1EJ7VmO7wbtcoEuVM7W:+yCesiUzXtrn1c7uUTbj7v7KZrM7xFO
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan