a7421aaa0eb4b35b1bd5a858c4747b8e18978c68af6976555846813bb7961698 | Triage

Sharing

General

Target

a7421aaa0eb4b35b1bd5a858c4747b8e18978c68af6976555846813bb7961698
Size

695KB
Sample

230425-yqgajacf64
MD5

a25f21b400b2c63dac88c739b609429a
SHA1

762d7636a1921eba03bc88f26262531a69c420e6
SHA256

a7421aaa0eb4b35b1bd5a858c4747b8e18978c68af6976555846813bb7961698
SHA512

cff0bd20ceda965664dc951904d05b6047b1cc31cea31ec799c490e0a171e5f5bacc07ee506878e4fd6df5727c6ade57e0710c95501913dcb2e1d041358b977f
SSDEEP

12288:ly90WwSd+CyPYo9JSG42gQq/V22bpX9wQzy6LUimIB1gJs:lyqq+CDkAGzqdXptwQrDT

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  a7421aaa0eb4b35b1bd5a858c4747b8e18978c68af6976555846813bb7961698
- Size
  
  695KB
- MD5
  
  a25f21b400b2c63dac88c739b609429a
- SHA1
  
  762d7636a1921eba03bc88f26262531a69c420e6
- SHA256
  
  a7421aaa0eb4b35b1bd5a858c4747b8e18978c68af6976555846813bb7961698
- SHA512
  
  cff0bd20ceda965664dc951904d05b6047b1cc31cea31ec799c490e0a171e5f5bacc07ee506878e4fd6df5727c6ade57e0710c95501913dcb2e1d041358b977f
- SSDEEP
  
  12288:ly90WwSd+CyPYo9JSG42gQq/V22bpX9wQzy6LUimIB1gJs:lyqq+CDkAGzqdXptwQrDT
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan