b9e05bb59fb617049a606e8686975ccdf29a75b0193fd9487d792eb09645669d | Triage

Sharing

General

Target

b9e05bb59fb617049a606e8686975ccdf29a75b0193fd9487d792eb09645669d
Size

706KB
Sample

230423-ph2rtseh5s
MD5

df7d0b04ec0be6ff0e4499522a3c12f0
SHA1

1129c3e484a5632e6cde229615f858d1a3840e4e
SHA256

b9e05bb59fb617049a606e8686975ccdf29a75b0193fd9487d792eb09645669d
SHA512

17aaa21cec7082a48214e084e50b95ff003384ff832884d97556e55fa188c89727549aee19455d24ca953692de70291cbad37a16bc4a0ef01cad76718b38381b
SSDEEP

12288:Vy904Ia8C3+NTGdC0xAxwtnZgF8AteaXMCxfjT9wmY+dg26oyzPNJeUNR1jsnj:VyiCOVDKZKtea8CxfP9wgZlyLeufQ

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  b9e05bb59fb617049a606e8686975ccdf29a75b0193fd9487d792eb09645669d
- Size
  
  706KB
- MD5
  
  df7d0b04ec0be6ff0e4499522a3c12f0
- SHA1
  
  1129c3e484a5632e6cde229615f858d1a3840e4e
- SHA256
  
  b9e05bb59fb617049a606e8686975ccdf29a75b0193fd9487d792eb09645669d
- SHA512
  
  17aaa21cec7082a48214e084e50b95ff003384ff832884d97556e55fa188c89727549aee19455d24ca953692de70291cbad37a16bc4a0ef01cad76718b38381b
- SSDEEP
  
  12288:Vy904Ia8C3+NTGdC0xAxwtnZgF8AteaXMCxfjT9wmY+dg26oyzPNJeUNR1jsnj:VyiCOVDKZKtea8CxfP9wgZlyLeufQ
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan