9297badad88e71e0f9b9a3693c6c58e6a7dc6885d158fc308e3567368147e323 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9297badad88e71e0f9b9a3693c6c58e6a7dc6885d158fc308e3567368147e323
Size

698KB
Sample

230422-vmaf2ahe5z
MD5

b698d70015a75f29d6f6eb69aa7f809e
SHA1

33688865708dbbdca20625a3ca6797c410811173
SHA256

9297badad88e71e0f9b9a3693c6c58e6a7dc6885d158fc308e3567368147e323
SHA512

ea19e326fe8c5bdcaeb60650db94889103ec4b0def0dabc40ace9e3012bba55e04cd4952913b4685d489ab11ac0f9d237551ca6926e1258752237dd8518ba9cb
SSDEEP

12288:dy90UD36Uo3cGceH33TmZA0pT9jEURV6NEn0J+3qzy09SvEUiIl2C:dyhD36hcReX3mp5jEUrr6zy0ENiIlN

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  9297badad88e71e0f9b9a3693c6c58e6a7dc6885d158fc308e3567368147e323
- Size
  
  698KB
- MD5
  
  b698d70015a75f29d6f6eb69aa7f809e
- SHA1
  
  33688865708dbbdca20625a3ca6797c410811173
- SHA256
  
  9297badad88e71e0f9b9a3693c6c58e6a7dc6885d158fc308e3567368147e323
- SHA512
  
  ea19e326fe8c5bdcaeb60650db94889103ec4b0def0dabc40ace9e3012bba55e04cd4952913b4685d489ab11ac0f9d237551ca6926e1258752237dd8518ba9cb
- SSDEEP
  
  12288:dy90UD36Uo3cGceH33TmZA0pT9jEURV6NEn0J+3qzy09SvEUiIl2C:dyhD36hcReX3mp5jEUrr6zy0ENiIlN
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan