26d9445b3fd71e4e5b3d96dccefcb62730650ef97bc98055fca893a13890dcd9 | Triage

Sharing

General

Target

26d9445b3fd71e4e5b3d96dccefcb62730650ef97bc98055fca893a13890dcd9
Size

747KB
Sample

230424-16zsxseh34
MD5

21fd3b864f46692b8ab2a75f8cb0c8e8
SHA1

d1a4935940df3f46818fcd74bae83ec1fb2bc256
SHA256

26d9445b3fd71e4e5b3d96dccefcb62730650ef97bc98055fca893a13890dcd9
SHA512

72381b5ee6166ffca832d2110448ee7414f3dbe610f054fc9b478c1d89c33a0cae85aec50041dc84cc3208527be8f4bed17a3a01c36df46554ed73e1b482cb1d
SSDEEP

12288:vy90HhzA5pAwGH0M4+uYhR3I0U/juuUlo0wO58bs4wN20LfWAPGlR:vyQhHLH0MUYbIjSuUlo0wOWbsZDLfWS0

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  26d9445b3fd71e4e5b3d96dccefcb62730650ef97bc98055fca893a13890dcd9
- Size
  
  747KB
- MD5
  
  21fd3b864f46692b8ab2a75f8cb0c8e8
- SHA1
  
  d1a4935940df3f46818fcd74bae83ec1fb2bc256
- SHA256
  
  26d9445b3fd71e4e5b3d96dccefcb62730650ef97bc98055fca893a13890dcd9
- SHA512
  
  72381b5ee6166ffca832d2110448ee7414f3dbe610f054fc9b478c1d89c33a0cae85aec50041dc84cc3208527be8f4bed17a3a01c36df46554ed73e1b482cb1d
- SSDEEP
  
  12288:vy90HhzA5pAwGH0M4+uYhR3I0U/juuUlo0wO58bs4wN20LfWAPGlR:vyQhHLH0MUYbIjSuUlo0wOWbsZDLfWS0
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan