56fe97bd5f9f9a6b5bc96f428fbe5213c113bc6fac991013a663cb7dd871f55f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56fe97bd5f9f9a6b5bc96f428fbe5213c113bc6fac991013a663cb7dd871f55f
Size

566KB
Sample

230423-k8eb1aeb3v
MD5

d769846b7c19721dda983cca5610b807
SHA1

274d60f5c64d5b3952cb8d4e7a7b301c077b1466
SHA256

56fe97bd5f9f9a6b5bc96f428fbe5213c113bc6fac991013a663cb7dd871f55f
SHA512

7a05240f22232c57ada54a92d9e5cfcfd6df2691388b67d7af92a232bcd3b2f6bfe701354a5633ceb6f7865742773aaea4c283adcbcd21cee7984d0919054863
SSDEEP

12288:xy90zCVA1SdgDvIaWsMwu78MejCO9l5P:xyrVAXDQa3Mwu7uC63

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  56fe97bd5f9f9a6b5bc96f428fbe5213c113bc6fac991013a663cb7dd871f55f
- Size
  
  566KB
- MD5
  
  d769846b7c19721dda983cca5610b807
- SHA1
  
  274d60f5c64d5b3952cb8d4e7a7b301c077b1466
- SHA256
  
  56fe97bd5f9f9a6b5bc96f428fbe5213c113bc6fac991013a663cb7dd871f55f
- SHA512
  
  7a05240f22232c57ada54a92d9e5cfcfd6df2691388b67d7af92a232bcd3b2f6bfe701354a5633ceb6f7865742773aaea4c283adcbcd21cee7984d0919054863
- SSDEEP
  
  12288:xy90zCVA1SdgDvIaWsMwu78MejCO9l5P:xyrVAXDQa3Mwu7uC63
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan