2d345f004d9a59ed84baa2b071445bae7bd9de5c4e61b120f76da57b716998f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d345f004d9a59ed84baa2b071445bae7bd9de5c4e61b120f76da57b716998f1
Size

694KB
Sample

230425-3wg68sdg59
MD5

419e8ea959b680f25d77ea8e69765bc0
SHA1

b646f6ad2254c86377b7fd3c9e24020d8e602b8c
SHA256

2d345f004d9a59ed84baa2b071445bae7bd9de5c4e61b120f76da57b716998f1
SHA512

56489f2771fc3107f5690965853833b0006170b85e42c5a2a4ffb7175e148a8bbf20af1275f28fb4aaabad182dd647c3115f02411a345a0b720d024599d9f3aa
SSDEEP

12288:7y9066jcB4Nqmd9xlscPF6whFTcOTEtq/NWE6Fk18bQKEA+mtq:7y/6jc8Lycd6KFrTQI6Fk18bQ7wq

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  2d345f004d9a59ed84baa2b071445bae7bd9de5c4e61b120f76da57b716998f1
- Size
  
  694KB
- MD5
  
  419e8ea959b680f25d77ea8e69765bc0
- SHA1
  
  b646f6ad2254c86377b7fd3c9e24020d8e602b8c
- SHA256
  
  2d345f004d9a59ed84baa2b071445bae7bd9de5c4e61b120f76da57b716998f1
- SHA512
  
  56489f2771fc3107f5690965853833b0006170b85e42c5a2a4ffb7175e148a8bbf20af1275f28fb4aaabad182dd647c3115f02411a345a0b720d024599d9f3aa
- SSDEEP
  
  12288:7y9066jcB4Nqmd9xlscPF6whFTcOTEtq/NWE6Fk18bQKEA+mtq:7y/6jc8Lycd6KFrTQI6Fk18bQ7wq
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan