32a1d3476997ddbf779d1e8372cd7a57325a54192f80b01eb9142021563369e3 | Triage

Sharing

General

Target

32a1d3476997ddbf779d1e8372cd7a57325a54192f80b01eb9142021563369e3
Size

704KB
Sample

230423-jpt3nsdf7s
MD5

08857fae06f103422f62a3c152a41ed3
SHA1

c5ca6115b250dc7ab84307abcf3e652a5b43f4d2
SHA256

32a1d3476997ddbf779d1e8372cd7a57325a54192f80b01eb9142021563369e3
SHA512

07463182faf7922b7f39d89bc2a7abd7393841d4585f6beb1f8b91192643b794a994fd1505e05d8d2fdef16e332fd27f810a421aecb9273a7415b24aec11c75f
SSDEEP

12288:jy90bxho/WGIlg5BQCh/KaS/3SN5fwnV2jPfNF9miGZa5bIiZtqR4Hefd5Dw+L:jyoo/WZlg5BDjSi5CVUfr9miqaR8LfkU

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  32a1d3476997ddbf779d1e8372cd7a57325a54192f80b01eb9142021563369e3
- Size
  
  704KB
- MD5
  
  08857fae06f103422f62a3c152a41ed3
- SHA1
  
  c5ca6115b250dc7ab84307abcf3e652a5b43f4d2
- SHA256
  
  32a1d3476997ddbf779d1e8372cd7a57325a54192f80b01eb9142021563369e3
- SHA512
  
  07463182faf7922b7f39d89bc2a7abd7393841d4585f6beb1f8b91192643b794a994fd1505e05d8d2fdef16e332fd27f810a421aecb9273a7415b24aec11c75f
- SSDEEP
  
  12288:jy90bxho/WGIlg5BQCh/KaS/3SN5fwnV2jPfNF9miGZa5bIiZtqR4Hefd5Dw+L:jyoo/WZlg5BDjSi5CVUfr9miqaR8LfkU
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan