240dc40465f657f3d6e56fbf1f664f9f3e0d98fd3cca92eeeaca6838d4d70846 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

240dc40465f657f3d6e56fbf1f664f9f3e0d98fd3cca92eeeaca6838d4d70846
Size

564KB
Sample

230423-gmda2abd55
MD5

99933f932aea68eab19d3b45f8b2e7cc
SHA1

5ce0b4950708bc16ff28f38a5d5d388578694785
SHA256

240dc40465f657f3d6e56fbf1f664f9f3e0d98fd3cca92eeeaca6838d4d70846
SHA512

5f53ad3c3c4cc45d51633a523c49ecc4f1d33ed883e1226cbd16ccb4557da6a7653d0c1db86c5861241ee8685f3998e31af1fd1b8e8e4d5bf5cd81a43eb09ace
SSDEEP

12288:oy90Xic+l841Zi7jCdKOw3fsICyQwLLWrAj:oytclN7Ew3fsICyQrEj

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  240dc40465f657f3d6e56fbf1f664f9f3e0d98fd3cca92eeeaca6838d4d70846
- Size
  
  564KB
- MD5
  
  99933f932aea68eab19d3b45f8b2e7cc
- SHA1
  
  5ce0b4950708bc16ff28f38a5d5d388578694785
- SHA256
  
  240dc40465f657f3d6e56fbf1f664f9f3e0d98fd3cca92eeeaca6838d4d70846
- SHA512
  
  5f53ad3c3c4cc45d51633a523c49ecc4f1d33ed883e1226cbd16ccb4557da6a7653d0c1db86c5861241ee8685f3998e31af1fd1b8e8e4d5bf5cd81a43eb09ace
- SSDEEP
  
  12288:oy90Xic+l841Zi7jCdKOw3fsICyQwLLWrAj:oytclN7Ew3fsICyQrEj
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan