17b82e951070ca98803bb0b70a6f91a496dbe5466ddcb2148d9f4fff9d8f4c0f | Triage

Sharing

General

Target

17b82e951070ca98803bb0b70a6f91a496dbe5466ddcb2148d9f4fff9d8f4c0f
Size

747KB
Sample

230424-ry9tgseb7w
MD5

3d5cc89d895e0eb91e40f5ad84cfe741
SHA1

8716ef1d074e94af39dd23ecbcb95c6681376a9f
SHA256

17b82e951070ca98803bb0b70a6f91a496dbe5466ddcb2148d9f4fff9d8f4c0f
SHA512

c49e75788515ea33e237ed93eb731732598f94efda90af2cb6d360343ccf9cd2a8ff83d8d5382551f095ff81d2eb8c16030adcc80406cad02a78974fb7e3b5c5
SSDEEP

12288:fy90nNHNNy3/glElfo4W5ImzSbzUxX45gHfqixWp7zvmX63RmmMwnj9:fyatuYWlfo4W5lzUzTyfq4W7m5mBnj9

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  17b82e951070ca98803bb0b70a6f91a496dbe5466ddcb2148d9f4fff9d8f4c0f
- Size
  
  747KB
- MD5
  
  3d5cc89d895e0eb91e40f5ad84cfe741
- SHA1
  
  8716ef1d074e94af39dd23ecbcb95c6681376a9f
- SHA256
  
  17b82e951070ca98803bb0b70a6f91a496dbe5466ddcb2148d9f4fff9d8f4c0f
- SHA512
  
  c49e75788515ea33e237ed93eb731732598f94efda90af2cb6d360343ccf9cd2a8ff83d8d5382551f095ff81d2eb8c16030adcc80406cad02a78974fb7e3b5c5
- SSDEEP
  
  12288:fy90nNHNNy3/glElfo4W5ImzSbzUxX45gHfqixWp7zvmX63RmmMwnj9:fyatuYWlfo4W5lzUzTyfq4W7m5mBnj9
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan