2949467ea1d63888369b416c9035aec287fb2fa70e70667a75ec3f4c77aad390 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2949467ea1d63888369b416c9035aec287fb2fa70e70667a75ec3f4c77aad390
Size

617KB
Sample

230424-mxm6wabc78
MD5

bee08eb7fafc696c21c62b19822be70b
SHA1

e89e4da0cdeb74c8ef0eb352275f04d39c2846d0
SHA256

2949467ea1d63888369b416c9035aec287fb2fa70e70667a75ec3f4c77aad390
SHA512

a04a45f742be0ec0bf3c8f65a52ddc617245d270b2ef529c2ff8c937f19137e8162454a6c4ca1db49e0293eaa15ba30aa2e02eccd2a6fb68e9e257d0be557318
SSDEEP

12288:oy90ukEceOp/5VJSCJZlxdXKuW4gpOoY4rEq:oyfOh57SUNdKTOoBEq

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  2949467ea1d63888369b416c9035aec287fb2fa70e70667a75ec3f4c77aad390
- Size
  
  617KB
- MD5
  
  bee08eb7fafc696c21c62b19822be70b
- SHA1
  
  e89e4da0cdeb74c8ef0eb352275f04d39c2846d0
- SHA256
  
  2949467ea1d63888369b416c9035aec287fb2fa70e70667a75ec3f4c77aad390
- SHA512
  
  a04a45f742be0ec0bf3c8f65a52ddc617245d270b2ef529c2ff8c937f19137e8162454a6c4ca1db49e0293eaa15ba30aa2e02eccd2a6fb68e9e257d0be557318
- SSDEEP
  
  12288:oy90ukEceOp/5VJSCJZlxdXKuW4gpOoY4rEq:oyfOh57SUNdKTOoBEq
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan