273331ddc7158ce166a56c1e51e8abc84008a8686a1c3c5a0f9bba752b699cdf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

273331ddc7158ce166a56c1e51e8abc84008a8686a1c3c5a0f9bba752b699cdf
Size

704KB
Sample

230423-3m6s8sge86
MD5

55ddfc59b86fc476cbc4492e7b906f4a
SHA1

4e376a41df672a1a7313bf808f7001cac4d7f345
SHA256

273331ddc7158ce166a56c1e51e8abc84008a8686a1c3c5a0f9bba752b699cdf
SHA512

3d31389c23f78e12d7a6ca279406ba80cf60a4c38867343564d6b7d0b8aea9f039ccbca8b902af2fb365aa3994d57d76a3c9668c2f21ed00b3e11029b4f125c1
SSDEEP

12288:Py90EnYvMweBuhiMGozWeiT1TDE82753cECCf01Z8ktsI1gzCSCIzKMGV/K14QRM:PyhnEzAuYoZiT1M82753cEnTk7MjCI2R

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  273331ddc7158ce166a56c1e51e8abc84008a8686a1c3c5a0f9bba752b699cdf
- Size
  
  704KB
- MD5
  
  55ddfc59b86fc476cbc4492e7b906f4a
- SHA1
  
  4e376a41df672a1a7313bf808f7001cac4d7f345
- SHA256
  
  273331ddc7158ce166a56c1e51e8abc84008a8686a1c3c5a0f9bba752b699cdf
- SHA512
  
  3d31389c23f78e12d7a6ca279406ba80cf60a4c38867343564d6b7d0b8aea9f039ccbca8b902af2fb365aa3994d57d76a3c9668c2f21ed00b3e11029b4f125c1
- SSDEEP
  
  12288:Py90EnYvMweBuhiMGozWeiT1TDE82753cECCf01Z8ktsI1gzCSCIzKMGV/K14QRM:PyhnEzAuYoZiT1M82753cEnTk7MjCI2R
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan