038ec5eac8312f688db094973f6d872ad32a9a63124db6b2259131060ca5d81d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

038ec5eac8312f688db094973f6d872ad32a9a63124db6b2259131060ca5d81d
Size

564KB
Sample

230423-3n9xaage92
MD5

1c6acdb718917fabd9f75705b2cc3581
SHA1

ae3ef9f8224028ee9706e926534e73fcf22e3a9a
SHA256

038ec5eac8312f688db094973f6d872ad32a9a63124db6b2259131060ca5d81d
SHA512

ad0d6eb710b924a9fe28c00f9a3b4eb20d79255e5522b903168e1219b61ed1d0a2bf943496be7867a78a9891708d345f8f17d86dabab22afeeb8bf29f61cc463
SSDEEP

12288:vy90f2UZNLHyKSVXgDUKi7foJ3ICLzN0tv0nMTJIyq6qYrx8cY:vy5YSFVXgOMzXmtv08O7nyx83

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  038ec5eac8312f688db094973f6d872ad32a9a63124db6b2259131060ca5d81d
- Size
  
  564KB
- MD5
  
  1c6acdb718917fabd9f75705b2cc3581
- SHA1
  
  ae3ef9f8224028ee9706e926534e73fcf22e3a9a
- SHA256
  
  038ec5eac8312f688db094973f6d872ad32a9a63124db6b2259131060ca5d81d
- SHA512
  
  ad0d6eb710b924a9fe28c00f9a3b4eb20d79255e5522b903168e1219b61ed1d0a2bf943496be7867a78a9891708d345f8f17d86dabab22afeeb8bf29f61cc463
- SSDEEP
  
  12288:vy90f2UZNLHyKSVXgDUKi7foJ3ICLzN0tv0nMTJIyq6qYrx8cY:vy5YSFVXgOMzXmtv08O7nyx83
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan