45de1bf700025ffc4c79887cfecf1325d6901a3fabbd608aa7cdd14bfd5ce6de | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45de1bf700025ffc4c79887cfecf1325d6901a3fabbd608aa7cdd14bfd5ce6de
Size

707KB
Sample

230422-haq7ssdc35
MD5

c8b9b3f00d18b07bfd181e9f85506482
SHA1

e04320b0286f8e4e33c896ac539e0fcecb8198ac
SHA256

45de1bf700025ffc4c79887cfecf1325d6901a3fabbd608aa7cdd14bfd5ce6de
SHA512

7022391ea83eb330b7f54c25b9bb214c88bc71d075e3206c8d00f4103702491e424c753500b7a3b94e5d146f8f2d6247f9843e7a6eebb8128b068000d674bdd6
SSDEEP

12288:vy90VsuLvUtyNcEBl7d82H+99GWpCzUG/uWd4dreJY8c0YVZd5CIipa0A24:vycsuBNce02hFz7zoreTcTHi7A24

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  45de1bf700025ffc4c79887cfecf1325d6901a3fabbd608aa7cdd14bfd5ce6de
- Size
  
  707KB
- MD5
  
  c8b9b3f00d18b07bfd181e9f85506482
- SHA1
  
  e04320b0286f8e4e33c896ac539e0fcecb8198ac
- SHA256
  
  45de1bf700025ffc4c79887cfecf1325d6901a3fabbd608aa7cdd14bfd5ce6de
- SHA512
  
  7022391ea83eb330b7f54c25b9bb214c88bc71d075e3206c8d00f4103702491e424c753500b7a3b94e5d146f8f2d6247f9843e7a6eebb8128b068000d674bdd6
- SSDEEP
  
  12288:vy90VsuLvUtyNcEBl7d82H+99GWpCzUG/uWd4dreJY8c0YVZd5CIipa0A24:vycsuBNce02hFz7zoreTcTHi7A24
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan