d0336cf10b94532e87b92612422e5874f93d2e708907b7cc6ae2a881e2cdcaed | Triage

Sharing

General

Target

d0336cf10b94532e87b92612422e5874f93d2e708907b7cc6ae2a881e2cdcaed
Size

702KB
Sample

230423-xjmnasgh5y
MD5

ede61ad1981cc24f8031533306ac863c
SHA1

a5d2a30be6e88a9efb9864211aaf41cb1cf46fff
SHA256

d0336cf10b94532e87b92612422e5874f93d2e708907b7cc6ae2a881e2cdcaed
SHA512

f6ec923be12a9b2da2cfcaa70a2bcd9ff36781143142bea1cbc84b8cb10cc1d6fcf95b261913e3357436f603baf80c01cd696bd48b8bfde2955b0421f2198549
SSDEEP

12288:Sy90BWIJUKatM/D3Ialf55N2x/B7XjkoL0rHeaNiFlFv:SyKuKEMbYalfx2x/B7zk5+RR

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  d0336cf10b94532e87b92612422e5874f93d2e708907b7cc6ae2a881e2cdcaed
- Size
  
  702KB
- MD5
  
  ede61ad1981cc24f8031533306ac863c
- SHA1
  
  a5d2a30be6e88a9efb9864211aaf41cb1cf46fff
- SHA256
  
  d0336cf10b94532e87b92612422e5874f93d2e708907b7cc6ae2a881e2cdcaed
- SHA512
  
  f6ec923be12a9b2da2cfcaa70a2bcd9ff36781143142bea1cbc84b8cb10cc1d6fcf95b261913e3357436f603baf80c01cd696bd48b8bfde2955b0421f2198549
- SSDEEP
  
  12288:Sy90BWIJUKatM/D3Ialf55N2x/B7XjkoL0rHeaNiFlFv:SyKuKEMbYalfx2x/B7zk5+RR
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan