88a2542879ee2ac2407546b6726010c468ed13cda54479da5760752e4b8973a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

88a2542879ee2ac2407546b6726010c468ed13cda54479da5760752e4b8973a8
Size

695KB
Sample

230426-aewzvadh39
MD5

9b3e986d74f28f1316a3e59c1940b607
SHA1

b99f9087821b571b1ea0a228ba28b9367edfc13c
SHA256

88a2542879ee2ac2407546b6726010c468ed13cda54479da5760752e4b8973a8
SHA512

84410256669d5c7d02fdff6a79ad6d62664915ae323933f5a36fd5a78611c809967a108e62ba956f3b525a2222b2fff87ed65b7f08f76ddef7f0ecf179323e51
SSDEEP

12288:qy90eKU2GpFC+wsHwjOLIU2uqGZJ4bWW6Kw18b+KRA+6moxfhlHK:qyMUyjjRL6Kw18b+WcxfbK

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  88a2542879ee2ac2407546b6726010c468ed13cda54479da5760752e4b8973a8
- Size
  
  695KB
- MD5
  
  9b3e986d74f28f1316a3e59c1940b607
- SHA1
  
  b99f9087821b571b1ea0a228ba28b9367edfc13c
- SHA256
  
  88a2542879ee2ac2407546b6726010c468ed13cda54479da5760752e4b8973a8
- SHA512
  
  84410256669d5c7d02fdff6a79ad6d62664915ae323933f5a36fd5a78611c809967a108e62ba956f3b525a2222b2fff87ed65b7f08f76ddef7f0ecf179323e51
- SSDEEP
  
  12288:qy90eKU2GpFC+wsHwjOLIU2uqGZJ4bWW6Kw18b+KRA+6moxfhlHK:qyMUyjjRL6Kw18b+WcxfbK
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan