d0aa3cd920937edc4f06a73cee56b022ce9081e56fe437a235722112d3c56514 | Triage

Sharing

General

Target

d0aa3cd920937edc4f06a73cee56b022ce9081e56fe437a235722112d3c56514
Size

569KB
Sample

230422-jfqznade75
MD5

85c244d6bc92a3d5ea7fe243ab8d189e
SHA1

d918148957ac783731f4db1a91f4e78567bbd058
SHA256

d0aa3cd920937edc4f06a73cee56b022ce9081e56fe437a235722112d3c56514
SHA512

35575ae9c707d9a0d80149e6e03f7cc6bf4a6fb80380d62a34ba017b406628fb202e3a6b29b7c4092710d587a81ffc671be40051467671f22dd1786230a2744f
SSDEEP

12288:Hy90g3V5uaxoRUtk73HIR+ldwnjY8u0VTHtkOL1tpkmS:HytV5uaPAoUfwnFuWFdkv

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  d0aa3cd920937edc4f06a73cee56b022ce9081e56fe437a235722112d3c56514
- Size
  
  569KB
- MD5
  
  85c244d6bc92a3d5ea7fe243ab8d189e
- SHA1
  
  d918148957ac783731f4db1a91f4e78567bbd058
- SHA256
  
  d0aa3cd920937edc4f06a73cee56b022ce9081e56fe437a235722112d3c56514
- SHA512
  
  35575ae9c707d9a0d80149e6e03f7cc6bf4a6fb80380d62a34ba017b406628fb202e3a6b29b7c4092710d587a81ffc671be40051467671f22dd1786230a2744f
- SSDEEP
  
  12288:Hy90g3V5uaxoRUtk73HIR+ldwnjY8u0VTHtkOL1tpkmS:HytV5uaPAoUfwnFuWFdkv
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan