27748c3ef12cf3ab561eb7cec3600cc1738c41a53243de7537edb2f6ac4f7604 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27748c3ef12cf3ab561eb7cec3600cc1738c41a53243de7537edb2f6ac4f7604
Size

704KB
Sample

230423-zz9h4sfh78
MD5

271ebf72b21dcd500c915de741180878
SHA1

a77e841b78a692dae73c957b5ee123996a76a75d
SHA256

27748c3ef12cf3ab561eb7cec3600cc1738c41a53243de7537edb2f6ac4f7604
SHA512

3c47ab13dbbf74faec535066e83fa206e640380ec533674ed79ea5b02c38e832e3256b59d6d0ba0522aa8f67500d38aab85f7411fb7bd1b2073022d6b67cee25
SSDEEP

12288:/y90yI+bZF11qXq/I4t2966rVxVhwJB9bqhA1tRRst3I19zC7nIzNMTV/K/hW+vU:/y8yba4tArVDKJvbqhA1HR8CFCnIpA/r

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  27748c3ef12cf3ab561eb7cec3600cc1738c41a53243de7537edb2f6ac4f7604
- Size
  
  704KB
- MD5
  
  271ebf72b21dcd500c915de741180878
- SHA1
  
  a77e841b78a692dae73c957b5ee123996a76a75d
- SHA256
  
  27748c3ef12cf3ab561eb7cec3600cc1738c41a53243de7537edb2f6ac4f7604
- SHA512
  
  3c47ab13dbbf74faec535066e83fa206e640380ec533674ed79ea5b02c38e832e3256b59d6d0ba0522aa8f67500d38aab85f7411fb7bd1b2073022d6b67cee25
- SSDEEP
  
  12288:/y90yI+bZF11qXq/I4t2966rVxVhwJB9bqhA1tRRst3I19zC7nIzNMTV/K/hW+vU:/y8yba4tArVDKJvbqhA1HR8CFCnIpA/r
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan