ea03b958e3044c526be3f52e058bfd057fc1352f87e9f40a22c083a99b6c9b72 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea03b958e3044c526be3f52e058bfd057fc1352f87e9f40a22c083a99b6c9b72
Size

563KB
Sample

230425-km4d1abc61
MD5

1f8e48c2ede00d7db3647ccf6245dcc5
SHA1

5596bb4827cc6955df0a22b841d311b773500812
SHA256

ea03b958e3044c526be3f52e058bfd057fc1352f87e9f40a22c083a99b6c9b72
SHA512

4d9619338e83ab18bc9a6867407a37a10aae238ca8fe4e9d91a4937fdb1b6fa0b36c859c4582dd0cfaefeb440c07a287251134e07e4d941983dd893c90c385dc
SSDEEP

12288:5y90bF9x4Dac8uo0zGXo0ZrCRlBA3M0aG7:5yuoacc0yhrCRlBA3Hh

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  ea03b958e3044c526be3f52e058bfd057fc1352f87e9f40a22c083a99b6c9b72
- Size
  
  563KB
- MD5
  
  1f8e48c2ede00d7db3647ccf6245dcc5
- SHA1
  
  5596bb4827cc6955df0a22b841d311b773500812
- SHA256
  
  ea03b958e3044c526be3f52e058bfd057fc1352f87e9f40a22c083a99b6c9b72
- SHA512
  
  4d9619338e83ab18bc9a6867407a37a10aae238ca8fe4e9d91a4937fdb1b6fa0b36c859c4582dd0cfaefeb440c07a287251134e07e4d941983dd893c90c385dc
- SSDEEP
  
  12288:5y90bF9x4Dac8uo0zGXo0ZrCRlBA3M0aG7:5yuoacc0yhrCRlBA3Hh
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan