c187eddaa4a16be54cf3550e4b3451573eb7f6433ea15c1748bef6e81c132456 | Triage

Sharing

General

Target

c187eddaa4a16be54cf3550e4b3451573eb7f6433ea15c1748bef6e81c132456
Size

695KB
Sample

230425-1tmmtsda98
MD5

a8709c5161ec9e1e1942deac36812edb
SHA1

cc95d4c90c83eb13ae4ecae8cdf4d064c1706e1b
SHA256

c187eddaa4a16be54cf3550e4b3451573eb7f6433ea15c1748bef6e81c132456
SHA512

1e970cfde4771230e333a2208f6e948258bc09115042b5066c02887a5fe1f875cd4cbabf2e72a0af9c95764de0ff5fb3f73402439e330c5c9f0764eb9f0a0a47
SSDEEP

12288:Ty90nsYfeQySdHbMcX8nMOqQTDj7XS83XxFdOqHSbZeSN0z1QggBsv:TyOlXymHbMcoGCDjGkFsbZoCggB0

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  c187eddaa4a16be54cf3550e4b3451573eb7f6433ea15c1748bef6e81c132456
- Size
  
  695KB
- MD5
  
  a8709c5161ec9e1e1942deac36812edb
- SHA1
  
  cc95d4c90c83eb13ae4ecae8cdf4d064c1706e1b
- SHA256
  
  c187eddaa4a16be54cf3550e4b3451573eb7f6433ea15c1748bef6e81c132456
- SHA512
  
  1e970cfde4771230e333a2208f6e948258bc09115042b5066c02887a5fe1f875cd4cbabf2e72a0af9c95764de0ff5fb3f73402439e330c5c9f0764eb9f0a0a47
- SSDEEP
  
  12288:Ty90nsYfeQySdHbMcX8nMOqQTDj7XS83XxFdOqHSbZeSN0z1QggBsv:TyOlXymHbMcoGCDjGkFsbZoCggB0
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan