6485f72d6dd24c7886a518bba2e857336e63ab84102129e2b5f454c45d6d6a59 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6485f72d6dd24c7886a518bba2e857336e63ab84102129e2b5f454c45d6d6a59
Size

700KB
Sample

230425-ltv7msbe8w
MD5

870e9ab678ee4dc285abf7fa7e57ab5c
SHA1

1d8c86852a8902c76ec7189e7778635d10b15aab
SHA256

6485f72d6dd24c7886a518bba2e857336e63ab84102129e2b5f454c45d6d6a59
SHA512

aa61cad3ada10cb3e0b1e674a2ba3261468c82fb4f75e993e9a9e0be5d2cd650029565d577ac58c6d32b0610d10abcbb1b9b65abcfd5113bff1e3cf95ef09f6d
SSDEEP

12288:9y90igM9RacAnu4VwAisvwAZ6wo7x3rwbjzSTvYv9mSIqiAqyXOyE:9yfg+RdIu4Vl/T6v7lsjzhvd/CyPE

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  6485f72d6dd24c7886a518bba2e857336e63ab84102129e2b5f454c45d6d6a59
- Size
  
  700KB
- MD5
  
  870e9ab678ee4dc285abf7fa7e57ab5c
- SHA1
  
  1d8c86852a8902c76ec7189e7778635d10b15aab
- SHA256
  
  6485f72d6dd24c7886a518bba2e857336e63ab84102129e2b5f454c45d6d6a59
- SHA512
  
  aa61cad3ada10cb3e0b1e674a2ba3261468c82fb4f75e993e9a9e0be5d2cd650029565d577ac58c6d32b0610d10abcbb1b9b65abcfd5113bff1e3cf95ef09f6d
- SSDEEP
  
  12288:9y90igM9RacAnu4VwAisvwAZ6wo7x3rwbjzSTvYv9mSIqiAqyXOyE:9yfg+RdIu4Vl/T6v7lsjzhvd/CyPE
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan