a72904052972532c16349ac8d25deb68c701e39623d784a8e9edd3c177c7970c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a72904052972532c16349ac8d25deb68c701e39623d784a8e9edd3c177c7970c
Size

560KB
Sample

230422-ybv55sgd54
MD5

b05447ed2219e3297898c2e8b2b3611d
SHA1

1b08ea591234aeb82ca5c91178c68ffa9174713b
SHA256

a72904052972532c16349ac8d25deb68c701e39623d784a8e9edd3c177c7970c
SHA512

e88bff9fec6a0981257d5b055f406fcebe8bffd8f807ca8a673589104dde08e07c8e743b734f65ab415aebde04a0ee3042a3d8ea714254a5f633bc151d97437e
SSDEEP

12288:ry90bNlTh8ZK0y03KaG7d/yViGraLHzMXC6NxLmeA:ryiNlNqVy030dKVHraHExLQ

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  a72904052972532c16349ac8d25deb68c701e39623d784a8e9edd3c177c7970c
- Size
  
  560KB
- MD5
  
  b05447ed2219e3297898c2e8b2b3611d
- SHA1
  
  1b08ea591234aeb82ca5c91178c68ffa9174713b
- SHA256
  
  a72904052972532c16349ac8d25deb68c701e39623d784a8e9edd3c177c7970c
- SHA512
  
  e88bff9fec6a0981257d5b055f406fcebe8bffd8f807ca8a673589104dde08e07c8e743b734f65ab415aebde04a0ee3042a3d8ea714254a5f633bc151d97437e
- SSDEEP
  
  12288:ry90bNlTh8ZK0y03KaG7d/yViGraLHzMXC6NxLmeA:ryiNlNqVy030dKVHraHExLQ
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan