86700fbdff43c3fbe7be2f9d572a49d5e73cdbe299cb9ba36a0f55df00abf953 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86700fbdff43c3fbe7be2f9d572a49d5e73cdbe299cb9ba36a0f55df00abf953
Size

965KB
Sample

230422-en4s9sec2w
MD5

1f93676a3e060dc43d302f111001979f
SHA1

d73bcdd3206170adcaa32db14ff336131d7a3904
SHA256

86700fbdff43c3fbe7be2f9d572a49d5e73cdbe299cb9ba36a0f55df00abf953
SHA512

f3a141cce8df771c9f0c570d3335f1b8c70284d1bec86458acf41e04fb4bb059206508c90615c4583538aa35652f977a8dfeef3252a293695668f9d9a4fff0bf
SSDEEP

24576:zyq9oFJlm1sedG0mSG8Xh8rd+c0wkws5tZNQ7Ym4UM6I:GwoQ+ekNSXh8Z0wRs5tH4Ym5d

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  86700fbdff43c3fbe7be2f9d572a49d5e73cdbe299cb9ba36a0f55df00abf953
- Size
  
  965KB
- MD5
  
  1f93676a3e060dc43d302f111001979f
- SHA1
  
  d73bcdd3206170adcaa32db14ff336131d7a3904
- SHA256
  
  86700fbdff43c3fbe7be2f9d572a49d5e73cdbe299cb9ba36a0f55df00abf953
- SHA512
  
  f3a141cce8df771c9f0c570d3335f1b8c70284d1bec86458acf41e04fb4bb059206508c90615c4583538aa35652f977a8dfeef3252a293695668f9d9a4fff0bf
- SSDEEP
  
  24576:zyq9oFJlm1sedG0mSG8Xh8rd+c0wkws5tZNQ7Ym4UM6I:GwoQ+ekNSXh8Z0wRs5tH4Ym5d
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan