2008044eca9a7de9a8b090746d2d000daf61b8a305450ab32d0c8eecc57a54f7 | Triage

Sharing

General

Target

2008044eca9a7de9a8b090746d2d000daf61b8a305450ab32d0c8eecc57a54f7
Size

569KB
Sample

230422-hmvqradc89
MD5

e16aa9c33b0b8bd510d86d8747a0e82f
SHA1

133bd312f8e1e3eaf246254c912b2d9fbfb978b4
SHA256

2008044eca9a7de9a8b090746d2d000daf61b8a305450ab32d0c8eecc57a54f7
SHA512

f3e00ba5a7f331847ae4a712f874d8a8650283e09fcbc944a3111a4dfc0dc0607397fc3800263af3243bdfe4a2ddf95359ada4f5be0793471c6a4c3d2955e114
SSDEEP

12288:cy90+BBqBMbIU8w3hbrTyedSn0Y8405kpymxHNrYbGksfK:cyfBBqBZU8w3hf+ISns4aCYxj

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  2008044eca9a7de9a8b090746d2d000daf61b8a305450ab32d0c8eecc57a54f7
- Size
  
  569KB
- MD5
  
  e16aa9c33b0b8bd510d86d8747a0e82f
- SHA1
  
  133bd312f8e1e3eaf246254c912b2d9fbfb978b4
- SHA256
  
  2008044eca9a7de9a8b090746d2d000daf61b8a305450ab32d0c8eecc57a54f7
- SHA512
  
  f3e00ba5a7f331847ae4a712f874d8a8650283e09fcbc944a3111a4dfc0dc0607397fc3800263af3243bdfe4a2ddf95359ada4f5be0793471c6a4c3d2955e114
- SSDEEP
  
  12288:cy90+BBqBMbIU8w3hbrTyedSn0Y8405kpymxHNrYbGksfK:cyfBBqBZU8w3hf+ISns4aCYxj
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan