d4d159c1a88daa78d7cfeb54e177e2faf784ac80284954ebe682cac606f1168f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4d159c1a88daa78d7cfeb54e177e2faf784ac80284954ebe682cac606f1168f
Size

560KB
Sample

230423-fdgfnacf81
MD5

28dac51ca694c297140e1f28bad29114
SHA1

86f07be0a60ca155d0c23fe09736e18f31fc1e98
SHA256

d4d159c1a88daa78d7cfeb54e177e2faf784ac80284954ebe682cac606f1168f
SHA512

40817fae8973f73d94ee1fcaaae0313b9b81b5d0e8ef6de01ba88f9b621ad69e0ca0be9fefa9a9466b98a10cc976db8bf7181e11266e261ffd09889ee4ad3ceb
SSDEEP

12288:Sy90Nc6nOkyzbvejERzl2PphyefFTV1BAudVJHgoTU82b:SyGOkyzbvejERzg/pbSJb

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  d4d159c1a88daa78d7cfeb54e177e2faf784ac80284954ebe682cac606f1168f
- Size
  
  560KB
- MD5
  
  28dac51ca694c297140e1f28bad29114
- SHA1
  
  86f07be0a60ca155d0c23fe09736e18f31fc1e98
- SHA256
  
  d4d159c1a88daa78d7cfeb54e177e2faf784ac80284954ebe682cac606f1168f
- SHA512
  
  40817fae8973f73d94ee1fcaaae0313b9b81b5d0e8ef6de01ba88f9b621ad69e0ca0be9fefa9a9466b98a10cc976db8bf7181e11266e261ffd09889ee4ad3ceb
- SSDEEP
  
  12288:Sy90Nc6nOkyzbvejERzl2PphyefFTV1BAudVJHgoTU82b:SyGOkyzbvejERzg/pbSJb
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan