3c76ad2381632bd0c811d56d88e392fd5301aea51aabdbb5fac8ead63898be2d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c76ad2381632bd0c811d56d88e392fd5301aea51aabdbb5fac8ead63898be2d
Size

703KB
Sample

230423-zdnphsfg43
MD5

19ec6618bbb80a92376960aaf580c20a
SHA1

df2049e6b2772a3b1d8e047fc7c376c93f7e47e1
SHA256

3c76ad2381632bd0c811d56d88e392fd5301aea51aabdbb5fac8ead63898be2d
SHA512

8f97110d2d163fad5aa3871b7f3167d970da751a22adab959c243f833e8fa467c2ddf1b0afc9cb3493533bf373e776540ba7ae9f8173d935ff938ef47121aa9a
SSDEEP

12288:Dy908MAzGNDxq9mzO+aJD1G+AKdpxBtHeMWCDiPKxSXa6SYv7k:DydXGNDM9lv50+/pDNeplPKxSXa6pv4

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  3c76ad2381632bd0c811d56d88e392fd5301aea51aabdbb5fac8ead63898be2d
- Size
  
  703KB
- MD5
  
  19ec6618bbb80a92376960aaf580c20a
- SHA1
  
  df2049e6b2772a3b1d8e047fc7c376c93f7e47e1
- SHA256
  
  3c76ad2381632bd0c811d56d88e392fd5301aea51aabdbb5fac8ead63898be2d
- SHA512
  
  8f97110d2d163fad5aa3871b7f3167d970da751a22adab959c243f833e8fa467c2ddf1b0afc9cb3493533bf373e776540ba7ae9f8173d935ff938ef47121aa9a
- SSDEEP
  
  12288:Dy908MAzGNDxq9mzO+aJD1G+AKdpxBtHeMWCDiPKxSXa6SYv7k:DydXGNDM9lv50+/pDNeplPKxSXa6pv4
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan