4fd2860a85c35624b09f260c2a8121432933a573faa96a0efe50432153a205fb | Triage

Sharing

General

Target

4fd2860a85c35624b09f260c2a8121432933a573faa96a0efe50432153a205fb
Size

618KB
Sample

230424-k76pvscf3s
MD5

3362f1ff203bc2d9e769122af3f4de3e
SHA1

fe9d0e2cb652ae36505c01a039c96beabddc05fb
SHA256

4fd2860a85c35624b09f260c2a8121432933a573faa96a0efe50432153a205fb
SHA512

08fda91830802d54ef5aa427d2bfcaa90087a249b6f29bb5f12c397de41ea93c2b24d189ea6ee14f2b0dc647d1ea9c12f1df2b3f39e17e18cf06d154ef061b76
SSDEEP

12288:7y90dri0BukTQJ4Q6jEJSVnBrxoYMxjTHhzIc5qUY9lxv:7yizRTRQ6j/nUY4VzIc4xv

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  4fd2860a85c35624b09f260c2a8121432933a573faa96a0efe50432153a205fb
- Size
  
  618KB
- MD5
  
  3362f1ff203bc2d9e769122af3f4de3e
- SHA1
  
  fe9d0e2cb652ae36505c01a039c96beabddc05fb
- SHA256
  
  4fd2860a85c35624b09f260c2a8121432933a573faa96a0efe50432153a205fb
- SHA512
  
  08fda91830802d54ef5aa427d2bfcaa90087a249b6f29bb5f12c397de41ea93c2b24d189ea6ee14f2b0dc647d1ea9c12f1df2b3f39e17e18cf06d154ef061b76
- SSDEEP
  
  12288:7y90dri0BukTQJ4Q6jEJSVnBrxoYMxjTHhzIc5qUY9lxv:7yizRTRQ6j/nUY4VzIc4xv
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan