9b4bd8b5c05de4ed4096c0accc32e87981f8c931c500db91a5b73a93228538eb | Triage

Sharing

General

Target

9b4bd8b5c05de4ed4096c0accc32e87981f8c931c500db91a5b73a93228538eb
Size

705KB
Sample

230423-z3ne2she5y
MD5

49bb63f6a8f6b8d3b48f5ef4f06503d5
SHA1

df4a9348edbdc1f156b9a853a0a256fd7d110b70
SHA256

9b4bd8b5c05de4ed4096c0accc32e87981f8c931c500db91a5b73a93228538eb
SHA512

42a4f201ea4a3e46d5ea6004e58564fdd807d5118a3249c224a43038cb4cc857c5670303c154f0fe6baf97ad5c382f4e8d20eea4a5c1bb8f83a76f87b4f94817
SSDEEP

12288:ny90kPHit0YXEs8Tp16vZX8+z8JhI1mzCmkIzpMfw/K/vQTCJ664:ny1PCKYXEs8Tp1uXmYOrkI1UfMCJ664

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  9b4bd8b5c05de4ed4096c0accc32e87981f8c931c500db91a5b73a93228538eb
- Size
  
  705KB
- MD5
  
  49bb63f6a8f6b8d3b48f5ef4f06503d5
- SHA1
  
  df4a9348edbdc1f156b9a853a0a256fd7d110b70
- SHA256
  
  9b4bd8b5c05de4ed4096c0accc32e87981f8c931c500db91a5b73a93228538eb
- SHA512
  
  42a4f201ea4a3e46d5ea6004e58564fdd807d5118a3249c224a43038cb4cc857c5670303c154f0fe6baf97ad5c382f4e8d20eea4a5c1bb8f83a76f87b4f94817
- SSDEEP
  
  12288:ny90kPHit0YXEs8Tp16vZX8+z8JhI1mzCmkIzpMfw/K/vQTCJ664:ny1PCKYXEs8Tp1uXmYOrkI1UfMCJ664
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan