0633d318f4725b99763a5b1c774237a8d2cc16f983547ae44dd857961b090fed | Triage

Sharing

General

Target

0633d318f4725b99763a5b1c774237a8d2cc16f983547ae44dd857961b090fed
Size

700KB
Sample

230422-t3ym5afg23
MD5

88bacaf5e86ec5466d00af286e2ba2c3
SHA1

1047f983e6aaad4cf35e015c203dcc675d790f5a
SHA256

0633d318f4725b99763a5b1c774237a8d2cc16f983547ae44dd857961b090fed
SHA512

24a31a13026d9a09991f4c7b9dc7a70d87831d3a285727b3cdb18bcfa69afee5dd675ab9313f25a54183c15b88445945e4416d3c66fe4f0814517014b0384b0e
SSDEEP

12288:yy90E+wUnS7bXa0VBXJr1nZigkMdEMxqAbr4HsEaaTKMVdbP65aMB3k+eD:yy/ZuSHnvtFZzEckMzaGuDx

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  0633d318f4725b99763a5b1c774237a8d2cc16f983547ae44dd857961b090fed
- Size
  
  700KB
- MD5
  
  88bacaf5e86ec5466d00af286e2ba2c3
- SHA1
  
  1047f983e6aaad4cf35e015c203dcc675d790f5a
- SHA256
  
  0633d318f4725b99763a5b1c774237a8d2cc16f983547ae44dd857961b090fed
- SHA512
  
  24a31a13026d9a09991f4c7b9dc7a70d87831d3a285727b3cdb18bcfa69afee5dd675ab9313f25a54183c15b88445945e4416d3c66fe4f0814517014b0384b0e
- SSDEEP
  
  12288:yy90E+wUnS7bXa0VBXJr1nZigkMdEMxqAbr4HsEaaTKMVdbP65aMB3k+eD:yy/ZuSHnvtFZzEckMzaGuDx
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan