7d9227bd1804e57af7b644d711812aaf9c530a5f3775e5f4f8f354744723e18a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d9227bd1804e57af7b644d711812aaf9c530a5f3775e5f4f8f354744723e18a
Size

747KB
Sample

230424-za23qsgb6x
MD5

26d681e5e2ca74b05168d4db461f1353
SHA1

83aa71c90ca4799f4b70e2a882887950460e0922
SHA256

7d9227bd1804e57af7b644d711812aaf9c530a5f3775e5f4f8f354744723e18a
SHA512

a2749873c4309844fd5fe23eed3b13ee2d37d3b8b18dba906a202e3a058b13626fcfaaa34a96f790223e269fa0874c622c4ec09b7b1baf48530f8968baeeebc1
SSDEEP

12288:Oy90ZYlpDosO4hnp2sQhtYbaUg7Yg0496FWAn8bs4wksLm+CTDGa:OyDlpMsO4tpIabM7Yg049kV8bsZx9CTX

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  7d9227bd1804e57af7b644d711812aaf9c530a5f3775e5f4f8f354744723e18a
- Size
  
  747KB
- MD5
  
  26d681e5e2ca74b05168d4db461f1353
- SHA1
  
  83aa71c90ca4799f4b70e2a882887950460e0922
- SHA256
  
  7d9227bd1804e57af7b644d711812aaf9c530a5f3775e5f4f8f354744723e18a
- SHA512
  
  a2749873c4309844fd5fe23eed3b13ee2d37d3b8b18dba906a202e3a058b13626fcfaaa34a96f790223e269fa0874c622c4ec09b7b1baf48530f8968baeeebc1
- SSDEEP
  
  12288:Oy90ZYlpDosO4hnp2sQhtYbaUg7Yg0496FWAn8bs4wksLm+CTDGa:OyDlpMsO4tpIabM7Yg049kV8bsZx9CTX
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan