6ef620b9dfb2e6aa0432fd42d8e1d38a9b1e33a04a3d35d0c408823428339f72 | Triage

Sharing

General

Target

6ef620b9dfb2e6aa0432fd42d8e1d38a9b1e33a04a3d35d0c408823428339f72
Size

618KB
Sample

230424-jjsmnacb8y
MD5

1f46b235c3532e6dd2c641cf2b16f364
SHA1

8b23fd6f3fc638c54e8ad5e602571a0d8bdb33bd
SHA256

6ef620b9dfb2e6aa0432fd42d8e1d38a9b1e33a04a3d35d0c408823428339f72
SHA512

86495f7375fc0ee86eb59cfc9ec355ecc0c179bedb1d3476c6d23a08c77a60e53b8463c17dacd741597369cc84206d383014e797b52a5168abe1311668f3b6f3
SSDEEP

12288:uy90udCCyH70Ss89LNleRvcENPBWJwCfYgfVhwyRj:uyBuU8BUYJ/nlj

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  6ef620b9dfb2e6aa0432fd42d8e1d38a9b1e33a04a3d35d0c408823428339f72
- Size
  
  618KB
- MD5
  
  1f46b235c3532e6dd2c641cf2b16f364
- SHA1
  
  8b23fd6f3fc638c54e8ad5e602571a0d8bdb33bd
- SHA256
  
  6ef620b9dfb2e6aa0432fd42d8e1d38a9b1e33a04a3d35d0c408823428339f72
- SHA512
  
  86495f7375fc0ee86eb59cfc9ec355ecc0c179bedb1d3476c6d23a08c77a60e53b8463c17dacd741597369cc84206d383014e797b52a5168abe1311668f3b6f3
- SSDEEP
  
  12288:uy90udCCyH70Ss89LNleRvcENPBWJwCfYgfVhwyRj:uyBuU8BUYJ/nlj
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan