03a7fe97b774deee83df572a7b691195edb7be822fa516cd8e83a81e35d21d12 | Triage

Sharing

General

Target

03a7fe97b774deee83df572a7b691195edb7be822fa516cd8e83a81e35d21d12
Size

563KB
Sample

230423-18xrcagc62
MD5

aab760c117e0399d88b8355e12fb1e24
SHA1

397c961a8580722a35502a5fa877f3120b63c8a0
SHA256

03a7fe97b774deee83df572a7b691195edb7be822fa516cd8e83a81e35d21d12
SHA512

43b2a0b170d0f9f1f3434487f03595537f1f65126e5d6a3e81ddba0c5183c91d55425b5e4cf2283e2ac8755468834ff2f392a792c4a6409d0191ee2c709512a7
SSDEEP

12288:/y90NyRb9yrisXDdsOVvzvEgIGUze0VMxnMhVenBpaKJ6Rj:/yMIp5sXOYzcuApVM1KVeByd

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  03a7fe97b774deee83df572a7b691195edb7be822fa516cd8e83a81e35d21d12
- Size
  
  563KB
- MD5
  
  aab760c117e0399d88b8355e12fb1e24
- SHA1
  
  397c961a8580722a35502a5fa877f3120b63c8a0
- SHA256
  
  03a7fe97b774deee83df572a7b691195edb7be822fa516cd8e83a81e35d21d12
- SHA512
  
  43b2a0b170d0f9f1f3434487f03595537f1f65126e5d6a3e81ddba0c5183c91d55425b5e4cf2283e2ac8755468834ff2f392a792c4a6409d0191ee2c709512a7
- SSDEEP
  
  12288:/y90NyRb9yrisXDdsOVvzvEgIGUze0VMxnMhVenBpaKJ6Rj:/yMIp5sXOYzcuApVM1KVeByd
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan