978c9d920fbfb518845d504d97b74f7b7a9d27a219e0c0d56de4e587bce0c00b | Triage

Sharing

General

Target

978c9d920fbfb518845d504d97b74f7b7a9d27a219e0c0d56de4e587bce0c00b
Size

752KB
Sample

230424-n56hvsbf45
MD5

2e8172fc6b5ddedcb5f9a74ed34d6a8a
SHA1

62850374370720081109c54af0cc8c0353ecdb3d
SHA256

978c9d920fbfb518845d504d97b74f7b7a9d27a219e0c0d56de4e587bce0c00b
SHA512

87176f4e97a6dd7290045215ea5796ff4b8743c0502c1321c32f752b1ddebea95aefd153cd54d25e387c2aa914870b283c09d48b2e82034d704ffbf4436264a1
SSDEEP

12288:cy90xIa+OnyZWqPMLIxm3ZQTuAZ4qnVUjf8Wzr1xdp8dW/6VZAsOny:cy3ccEsWAZZV68Wzrnz8ACZ7Uy

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  978c9d920fbfb518845d504d97b74f7b7a9d27a219e0c0d56de4e587bce0c00b
- Size
  
  752KB
- MD5
  
  2e8172fc6b5ddedcb5f9a74ed34d6a8a
- SHA1
  
  62850374370720081109c54af0cc8c0353ecdb3d
- SHA256
  
  978c9d920fbfb518845d504d97b74f7b7a9d27a219e0c0d56de4e587bce0c00b
- SHA512
  
  87176f4e97a6dd7290045215ea5796ff4b8743c0502c1321c32f752b1ddebea95aefd153cd54d25e387c2aa914870b283c09d48b2e82034d704ffbf4436264a1
- SSDEEP
  
  12288:cy90xIa+OnyZWqPMLIxm3ZQTuAZ4qnVUjf8Wzr1xdp8dW/6VZAsOny:cy3ccEsWAZZV68Wzrnz8ACZ7Uy
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan