ad2d9e0a510ddc1d0702eaf7ed5a6837fa29bbe720d338b980b68a7fe7167cc2 | Triage

Sharing

General

Target

ad2d9e0a510ddc1d0702eaf7ed5a6837fa29bbe720d338b980b68a7fe7167cc2
Size

746KB
Sample

230425-ejx5xsgc88
MD5

e9554b51d7656459bbdbeae8805ec4f4
SHA1

60b7abbb34c376c7d57eab2d7724e66787c135bc
SHA256

ad2d9e0a510ddc1d0702eaf7ed5a6837fa29bbe720d338b980b68a7fe7167cc2
SHA512

fa427d3249cfaa5c27b919134b8c46136cf2da57c73d0547bd4cd9ca0e0e28b34a9f40ce5123ee5d1b6dfd6b2ab13a6190c3c2c0dba729abbff3e7854277ed93
SSDEEP

12288:my9064HXRP2fa09TG9PkqOnI/XLBbiGKfooGywZ+dnh59+9ewBt9XZ0Qw8ZDMWib:myE3RP2y0aPkrgXLEGqrHdnh597Q9X7C

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  ad2d9e0a510ddc1d0702eaf7ed5a6837fa29bbe720d338b980b68a7fe7167cc2
- Size
  
  746KB
- MD5
  
  e9554b51d7656459bbdbeae8805ec4f4
- SHA1
  
  60b7abbb34c376c7d57eab2d7724e66787c135bc
- SHA256
  
  ad2d9e0a510ddc1d0702eaf7ed5a6837fa29bbe720d338b980b68a7fe7167cc2
- SHA512
  
  fa427d3249cfaa5c27b919134b8c46136cf2da57c73d0547bd4cd9ca0e0e28b34a9f40ce5123ee5d1b6dfd6b2ab13a6190c3c2c0dba729abbff3e7854277ed93
- SSDEEP
  
  12288:my9064HXRP2fa09TG9PkqOnI/XLBbiGKfooGywZ+dnh59+9ewBt9XZ0Qw8ZDMWib:myE3RP2y0aPkrgXLEGqrHdnh597Q9X7C
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan