4d71cb1ffe532720f4e7b2719a527198e6cc9d81a83c903173564cd3a94eb9bd | Triage

Sharing

General

Target

4d71cb1ffe532720f4e7b2719a527198e6cc9d81a83c903173564cd3a94eb9bd
Size

563KB
Sample

230424-dgtjaaba9t
MD5

fc6809eb300c89e4aea77e42930a0aa7
SHA1

a1828cf5560f514a4f2a7ecac48b25f52be8824f
SHA256

4d71cb1ffe532720f4e7b2719a527198e6cc9d81a83c903173564cd3a94eb9bd
SHA512

cc73960fe4b75575a94256eaf564cae12bf5bbb050406deaedb41359cdac22778d218d1566666608fc9157de92a2cb6f8456b3db2a68005de81c2a1c9ada6683
SSDEEP

12288:Yy90sOG2HHqkl1TcZJ6KovsIq7uGukVIi3Uv7u:YyyGsHql6lvdgu0IjK

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  4d71cb1ffe532720f4e7b2719a527198e6cc9d81a83c903173564cd3a94eb9bd
- Size
  
  563KB
- MD5
  
  fc6809eb300c89e4aea77e42930a0aa7
- SHA1
  
  a1828cf5560f514a4f2a7ecac48b25f52be8824f
- SHA256
  
  4d71cb1ffe532720f4e7b2719a527198e6cc9d81a83c903173564cd3a94eb9bd
- SHA512
  
  cc73960fe4b75575a94256eaf564cae12bf5bbb050406deaedb41359cdac22778d218d1566666608fc9157de92a2cb6f8456b3db2a68005de81c2a1c9ada6683
- SSDEEP
  
  12288:Yy90sOG2HHqkl1TcZJ6KovsIq7uGukVIi3Uv7u:YyyGsHql6lvdgu0IjK
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan