4562f660cd6348ab9544b2e5a7f468ba0f99b6ba10e6feddb4fb4249f3078124 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4562f660cd6348ab9544b2e5a7f468ba0f99b6ba10e6feddb4fb4249f3078124
Size

552KB
Sample

230425-l8wrqabf5y
MD5

218189365241baebb6c81fc646335674
SHA1

a60bf3f6eeb8de740b58e1feab07ab6f3b201db7
SHA256

4562f660cd6348ab9544b2e5a7f468ba0f99b6ba10e6feddb4fb4249f3078124
SHA512

f2a2c6329f34de96969e2edfc163090718944ba9186d8234f4c1c8fd7108c6482e3784f27b3900002e8af80c8610a900ef65e099f212987f2935b6bfee51542a
SSDEEP

12288:Dy90UF74++a997JeQlu/jk/QSTdnvMmBByGAaA1h:DyBp59e5/jAQOvRYth

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  4562f660cd6348ab9544b2e5a7f468ba0f99b6ba10e6feddb4fb4249f3078124
- Size
  
  552KB
- MD5
  
  218189365241baebb6c81fc646335674
- SHA1
  
  a60bf3f6eeb8de740b58e1feab07ab6f3b201db7
- SHA256
  
  4562f660cd6348ab9544b2e5a7f468ba0f99b6ba10e6feddb4fb4249f3078124
- SHA512
  
  f2a2c6329f34de96969e2edfc163090718944ba9186d8234f4c1c8fd7108c6482e3784f27b3900002e8af80c8610a900ef65e099f212987f2935b6bfee51542a
- SSDEEP
  
  12288:Dy90UF74++a997JeQlu/jk/QSTdnvMmBByGAaA1h:DyBp59e5/jAQOvRYth
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan