a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc | Triage

Sharing

General

Target

a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc
Size

965KB
Sample

230422-jff5fsde72
MD5

414b0b8c7e6a23c76a9547224e9e8115
SHA1

be26eaca6c77f2830d68732c88297decc5cd59a9
SHA256

a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc
SHA512

9cf7a617fb7842d42daef5e53201faa17755a618a6e55c03550a7214956ab14559e80a7b9f31d56c3548cc511c37da119369f3cdda400fcdefc779f9b523dad6
SSDEEP

24576:6yScIkBD2JW+NN9HHpcV5C0rdicgOPdCKmyS5tF2:B9fd2Jdh4VFgOP4+c

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc
- Size
  
  965KB
- MD5
  
  414b0b8c7e6a23c76a9547224e9e8115
- SHA1
  
  be26eaca6c77f2830d68732c88297decc5cd59a9
- SHA256
  
  a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc
- SHA512
  
  9cf7a617fb7842d42daef5e53201faa17755a618a6e55c03550a7214956ab14559e80a7b9f31d56c3548cc511c37da119369f3cdda400fcdefc779f9b523dad6
- SSDEEP
  
  24576:6yScIkBD2JW+NN9HHpcV5C0rdicgOPdCKmyS5tF2:B9fd2Jdh4VFgOP4+c
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan