78bca442eace3ad5136a1c602d1194e4fe9f6ad1d2471a75a8d4b808a1e73aed | Triage

Sharing

General

Target

78bca442eace3ad5136a1c602d1194e4fe9f6ad1d2471a75a8d4b808a1e73aed
Size

1.2MB
Sample

230424-15scfsgf5x
MD5

a8dcfc1c70049878a1ff16a1866a9788
SHA1

a0394b4b9511ed1f6c1877ee861425b55e628b47
SHA256

78bca442eace3ad5136a1c602d1194e4fe9f6ad1d2471a75a8d4b808a1e73aed
SHA512

504df7d27da7b81db16e042ea3c477b351abce4125b305376c3af80686f8609875464c53333b92a550e0a90102ba95d4b7e20aee7a1d6139474d46b50d174e92
SSDEEP

24576:2GxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:2GMOKSUDNGQp9qKqFR4JUcDLqNp/b

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  78bca442eace3ad5136a1c602d1194e4fe9f6ad1d2471a75a8d4b808a1e73aed
- Size
  
  1.2MB
- MD5
  
  a8dcfc1c70049878a1ff16a1866a9788
- SHA1
  
  a0394b4b9511ed1f6c1877ee861425b55e628b47
- SHA256
  
  78bca442eace3ad5136a1c602d1194e4fe9f6ad1d2471a75a8d4b808a1e73aed
- SHA512
  
  504df7d27da7b81db16e042ea3c477b351abce4125b305376c3af80686f8609875464c53333b92a550e0a90102ba95d4b7e20aee7a1d6139474d46b50d174e92
- SSDEEP
  
  24576:2GxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:2GMOKSUDNGQp9qKqFR4JUcDLqNp/b
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan