6eec5ec6dec5555aaf0bb39bcdb0c0d9660238a57ceef987ed41b1d06f0f3d4c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6eec5ec6dec5555aaf0bb39bcdb0c0d9660238a57ceef987ed41b1d06f0f3d4c
Size

569KB
Sample

230422-n4ptqagd6w
MD5

35c99b9227aaca9346471c8645f9fc2a
SHA1

ec30ac0fee2f99beefe6e1217b6f68f69f144340
SHA256

6eec5ec6dec5555aaf0bb39bcdb0c0d9660238a57ceef987ed41b1d06f0f3d4c
SHA512

66b27333f84670784ee0748f84a4948a4ef8d6e030d7d13be3c02446893af25b1dc8c96de30fe46cce4c62318d35e79dd7f39e552236e07ad9fd4477971fe79c
SSDEEP

12288:Ly90B1zoWZqVVR3GBHi4Fx8WYgi+4mm16KIdu7pZ:LyczZqVVhoC6jYN+4mm9Z

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  6eec5ec6dec5555aaf0bb39bcdb0c0d9660238a57ceef987ed41b1d06f0f3d4c
- Size
  
  569KB
- MD5
  
  35c99b9227aaca9346471c8645f9fc2a
- SHA1
  
  ec30ac0fee2f99beefe6e1217b6f68f69f144340
- SHA256
  
  6eec5ec6dec5555aaf0bb39bcdb0c0d9660238a57ceef987ed41b1d06f0f3d4c
- SHA512
  
  66b27333f84670784ee0748f84a4948a4ef8d6e030d7d13be3c02446893af25b1dc8c96de30fe46cce4c62318d35e79dd7f39e552236e07ad9fd4477971fe79c
- SSDEEP
  
  12288:Ly90B1zoWZqVVR3GBHi4Fx8WYgi+4mm16KIdu7pZ:LyczZqVVhoC6jYN+4mm9Z
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan