6384296a5cf93f42dab8c4ad3f0acf6fce1c24d840f833b3b0a92916855af8a4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6384296a5cf93f42dab8c4ad3f0acf6fce1c24d840f833b3b0a92916855af8a4
Size

699KB
Sample

230425-j6b87ahd29
MD5

0d01cd12ef4bb608ca8f6d1b7922d40f
SHA1

d74bedbb6fd5b539374ae8a5dc80c12830e769e3
SHA256

6384296a5cf93f42dab8c4ad3f0acf6fce1c24d840f833b3b0a92916855af8a4
SHA512

e61519116e99920b232a34f08a353a1d52894565418edd20101b06c4d625fa894878ae0797c49c62119308c8eb57414d426dc57207f6accda266b7f89c1a8ef5
SSDEEP

12288:Ny90TPCxVNjuyI3zhnxgT0ylak/wjDgGhpQaZiR7/nOyO:NyqYVN/0xOqk/wjB9ZiR7/nO3

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  6384296a5cf93f42dab8c4ad3f0acf6fce1c24d840f833b3b0a92916855af8a4
- Size
  
  699KB
- MD5
  
  0d01cd12ef4bb608ca8f6d1b7922d40f
- SHA1
  
  d74bedbb6fd5b539374ae8a5dc80c12830e769e3
- SHA256
  
  6384296a5cf93f42dab8c4ad3f0acf6fce1c24d840f833b3b0a92916855af8a4
- SHA512
  
  e61519116e99920b232a34f08a353a1d52894565418edd20101b06c4d625fa894878ae0797c49c62119308c8eb57414d426dc57207f6accda266b7f89c1a8ef5
- SSDEEP
  
  12288:Ny90TPCxVNjuyI3zhnxgT0ylak/wjDgGhpQaZiR7/nOyO:NyqYVN/0xOqk/wjB9ZiR7/nO3
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan