e179dfadfd9157da384378be5dc3bf01d74a911d61c58a40236fa52b6224cc93 | Triage

Sharing

General

Target

e179dfadfd9157da384378be5dc3bf01d74a911d61c58a40236fa52b6224cc93
Size

704KB
Sample

230423-ldd87ace74
MD5

a0f2812b3d31e1b5f188d0e9d21d3ab2
SHA1

9bbd00ba7e557d8c3c3915f2b4f16276695a4843
SHA256

e179dfadfd9157da384378be5dc3bf01d74a911d61c58a40236fa52b6224cc93
SHA512

89e51ae6c9f253294bab26accbfb4fa58eb3437ee5d921d7d4dd2a6dd92a89fcd345015ba4a56296c4d9a85a0e0dbbdb0d22dc6a45f828cdd114a35d17a3b37e
SSDEEP

12288:hy90miH8tFHcsXxXICFk085EfCymad0ipLFSObixbJqbCWi+LlATBge:hy2H8TjzJTfYKFtbixbJqm+LeBge

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  e179dfadfd9157da384378be5dc3bf01d74a911d61c58a40236fa52b6224cc93
- Size
  
  704KB
- MD5
  
  a0f2812b3d31e1b5f188d0e9d21d3ab2
- SHA1
  
  9bbd00ba7e557d8c3c3915f2b4f16276695a4843
- SHA256
  
  e179dfadfd9157da384378be5dc3bf01d74a911d61c58a40236fa52b6224cc93
- SHA512
  
  89e51ae6c9f253294bab26accbfb4fa58eb3437ee5d921d7d4dd2a6dd92a89fcd345015ba4a56296c4d9a85a0e0dbbdb0d22dc6a45f828cdd114a35d17a3b37e
- SSDEEP
  
  12288:hy90miH8tFHcsXxXICFk085EfCymad0ipLFSObixbJqbCWi+LlATBge:hy2H8TjzJTfYKFtbixbJqm+LeBge
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan