dc88769a2e6dfca6879e70404c635ea3ea8349a55c44dcd2055be751b3f12b6b | Triage

Sharing

General

Target

dc88769a2e6dfca6879e70404c635ea3ea8349a55c44dcd2055be751b3f12b6b
Size

753KB
Sample

230424-na6v5sbd84
MD5

6d0dd17af1c4a06f6c2152234e560c54
SHA1

214ec04710a5fdb6f50a25c57535e31240dbc625
SHA256

dc88769a2e6dfca6879e70404c635ea3ea8349a55c44dcd2055be751b3f12b6b
SHA512

2ee4e07dc42cff95b846ba811494a82c299c1cc8fe5a2ae81134a774f986c57cd0ca5f1ee9b2eda89d7a5b4f146fe57002e2b9ffcc0556b711a741d92a09d775
SSDEEP

12288:yy90/78PXm3N7uWdgqRtxiDZLGmWAWOA2PiWdOgCvIqxdKNnWH6VZCDP14D2E:yye78fG7HdgqjMNLGPAWOA2PiWKHwN+u

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  dc88769a2e6dfca6879e70404c635ea3ea8349a55c44dcd2055be751b3f12b6b
- Size
  
  753KB
- MD5
  
  6d0dd17af1c4a06f6c2152234e560c54
- SHA1
  
  214ec04710a5fdb6f50a25c57535e31240dbc625
- SHA256
  
  dc88769a2e6dfca6879e70404c635ea3ea8349a55c44dcd2055be751b3f12b6b
- SHA512
  
  2ee4e07dc42cff95b846ba811494a82c299c1cc8fe5a2ae81134a774f986c57cd0ca5f1ee9b2eda89d7a5b4f146fe57002e2b9ffcc0556b711a741d92a09d775
- SSDEEP
  
  12288:yy90/78PXm3N7uWdgqRtxiDZLGmWAWOA2PiWdOgCvIqxdKNnWH6VZCDP14D2E:yye78fG7HdgqjMNLGPAWOA2PiWKHwN+u
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan