78a6b681b4d17506aebdc880a58637c04493ec3cef52a386df0c843b34dbc4f2 | Triage

Sharing

General

Target

78a6b681b4d17506aebdc880a58637c04493ec3cef52a386df0c843b34dbc4f2
Size

563KB
Sample

230423-zjxjlsfg73
MD5

e0fe57f1936f08fabc56d23479a7c06b
SHA1

3b576bf7bb464a05235d408a6da7d05907749c48
SHA256

78a6b681b4d17506aebdc880a58637c04493ec3cef52a386df0c843b34dbc4f2
SHA512

3c3a21a7fe622e4d3bcda35dd393c2f7b8c352555820e8d30704b435f72645dd239465e61474f8036ba1e3b56033697e46987f072374753c354d74d7650522bc
SSDEEP

12288:wy90ue7BlLBfHDIcOThMH2QDCeimK4fXb:wyHWHDIBNy20ImKeb

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  78a6b681b4d17506aebdc880a58637c04493ec3cef52a386df0c843b34dbc4f2
- Size
  
  563KB
- MD5
  
  e0fe57f1936f08fabc56d23479a7c06b
- SHA1
  
  3b576bf7bb464a05235d408a6da7d05907749c48
- SHA256
  
  78a6b681b4d17506aebdc880a58637c04493ec3cef52a386df0c843b34dbc4f2
- SHA512
  
  3c3a21a7fe622e4d3bcda35dd393c2f7b8c352555820e8d30704b435f72645dd239465e61474f8036ba1e3b56033697e46987f072374753c354d74d7650522bc
- SSDEEP
  
  12288:wy90ue7BlLBfHDIcOThMH2QDCeimK4fXb:wyHWHDIBNy20ImKeb
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan