c21188a00659a19d9cf548a70e003704791a356f6d61bdaecc2b8a341323a572 | Triage

Sharing

General

Target

c21188a00659a19d9cf548a70e003704791a356f6d61bdaecc2b8a341323a572
Size

998KB
Sample

230424-mqh9cabc45
MD5

c93356914f6edbe1f05e6b46ca5b24c2
SHA1

2849dfe18049e902abeae54bffcf258bb8d6bb2b
SHA256

c21188a00659a19d9cf548a70e003704791a356f6d61bdaecc2b8a341323a572
SHA512

b0200dddf742e4acef8ffe03434d11413f0b7c95224d286c6367456605d3560ff6b378219200c53aa983653618055af6d1c2c60d878f15f351bbddb4296bd668
SSDEEP

24576:PyrppsSV/g+1JQJf3PtQV5NN2PjlFf8whCWztVBhMGR22/P5SP:arppdJQl3FQxchFfI4BhMin5

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  c21188a00659a19d9cf548a70e003704791a356f6d61bdaecc2b8a341323a572
- Size
  
  998KB
- MD5
  
  c93356914f6edbe1f05e6b46ca5b24c2
- SHA1
  
  2849dfe18049e902abeae54bffcf258bb8d6bb2b
- SHA256
  
  c21188a00659a19d9cf548a70e003704791a356f6d61bdaecc2b8a341323a572
- SHA512
  
  b0200dddf742e4acef8ffe03434d11413f0b7c95224d286c6367456605d3560ff6b378219200c53aa983653618055af6d1c2c60d878f15f351bbddb4296bd668
- SSDEEP
  
  24576:PyrppsSV/g+1JQJf3PtQV5NN2PjlFf8whCWztVBhMGR22/P5SP:arppdJQl3FQxchFfI4BhMin5
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan