f34a2c2a4b4214d2980260e29601045b30a1dd5fafcb5b1c32c31d0ddbf957b4 | Triage

Sharing

General

Target

f34a2c2a4b4214d2980260e29601045b30a1dd5fafcb5b1c32c31d0ddbf957b4
Size

563KB
Sample

230424-ea8kashf25
MD5

9bdefcfdcccbbcc27ad0867ce9d10f5d
SHA1

3728628095cf6f5d22992918e01d1b31dcec28ee
SHA256

f34a2c2a4b4214d2980260e29601045b30a1dd5fafcb5b1c32c31d0ddbf957b4
SHA512

36d82cba7db0667fc5947cb541f0b3b7aa3e28ebcba12c697ee9ac5c96db51bc13b8b8cb7b8c3b8ea5d9180f62e6cd03d0c93730515de8be1053f98619b282de
SSDEEP

6144:hUtp0yN90QEFwZ6LN1Iui77sQorsF+BJOFgXA1bJXNklpy/eVOsG+gInfjXNdMYf:fy90/8LgRskLOFgXUXNklonHIf7NeYf

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  f34a2c2a4b4214d2980260e29601045b30a1dd5fafcb5b1c32c31d0ddbf957b4
- Size
  
  563KB
- MD5
  
  9bdefcfdcccbbcc27ad0867ce9d10f5d
- SHA1
  
  3728628095cf6f5d22992918e01d1b31dcec28ee
- SHA256
  
  f34a2c2a4b4214d2980260e29601045b30a1dd5fafcb5b1c32c31d0ddbf957b4
- SHA512
  
  36d82cba7db0667fc5947cb541f0b3b7aa3e28ebcba12c697ee9ac5c96db51bc13b8b8cb7b8c3b8ea5d9180f62e6cd03d0c93730515de8be1053f98619b282de
- SSDEEP
  
  6144:hUtp0yN90QEFwZ6LN1Iui77sQorsF+BJOFgXA1bJXNklpy/eVOsG+gInfjXNdMYf:fy90/8LgRskLOFgXUXNklonHIf7NeYf
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan