da03a91e784240c6a30d1447c142c8bfa819292d7e771f526224e40ad0deac52 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da03a91e784240c6a30d1447c142c8bfa819292d7e771f526224e40ad0deac52
Size

618KB
Sample

230424-lbcmkscf4w
MD5

f29c265c6697687d16a4b627d425b87b
SHA1

a2677b526a73b460e5fb916bf255c03dfe45da4b
SHA256

da03a91e784240c6a30d1447c142c8bfa819292d7e771f526224e40ad0deac52
SHA512

7ecedb52930dc21a59bc4828e92621253a9c0deb1c1d611cdca77a14a86e9ebe0cd83d44b2b0dd3b5ccccfda1bee4283e61b2dd0e5138f65b9378ffa16e980f6
SSDEEP

12288:Afy90HmEfYQ42f1RcA8zYcAEYjHR1xjAHqk9F6ArLJn:Afy9EQQ42tRcicIRHJkhvx

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  da03a91e784240c6a30d1447c142c8bfa819292d7e771f526224e40ad0deac52
- Size
  
  618KB
- MD5
  
  f29c265c6697687d16a4b627d425b87b
- SHA1
  
  a2677b526a73b460e5fb916bf255c03dfe45da4b
- SHA256
  
  da03a91e784240c6a30d1447c142c8bfa819292d7e771f526224e40ad0deac52
- SHA512
  
  7ecedb52930dc21a59bc4828e92621253a9c0deb1c1d611cdca77a14a86e9ebe0cd83d44b2b0dd3b5ccccfda1bee4283e61b2dd0e5138f65b9378ffa16e980f6
- SSDEEP
  
  12288:Afy90HmEfYQ42f1RcA8zYcAEYjHR1xjAHqk9F6ArLJn:Afy9EQQ42tRcicIRHJkhvx
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan