e7b00f2e1d8078b6b36f0f6478c651ca1e8116a2a47979648cd8352ff1f94a78 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e7b00f2e1d8078b6b36f0f6478c651ca1e8116a2a47979648cd8352ff1f94a78
Size

1.1MB
Sample

230426-bcvvfaga4w
MD5

805c892aff3e6ef78392833b43d9e085
SHA1

27ab514c7c624243688518a468eb52bdeed3daf7
SHA256

e7b00f2e1d8078b6b36f0f6478c651ca1e8116a2a47979648cd8352ff1f94a78
SHA512

8991a3b7520d7ec14fabb90938b06549539f6594646abb7905427b9008bfe52228e50f3721b35b0d2e5e3500ca74896ca4de16fae2c045860f5cc4b3f84ba742
SSDEEP

24576:Sy2bxXq2OL5XAyjM5B3eFteDb4t6F7I8btjpTiX:5sXqXL3M5Be7TE7dJxi

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  e7b00f2e1d8078b6b36f0f6478c651ca1e8116a2a47979648cd8352ff1f94a78
- Size
  
  1.1MB
- MD5
  
  805c892aff3e6ef78392833b43d9e085
- SHA1
  
  27ab514c7c624243688518a468eb52bdeed3daf7
- SHA256
  
  e7b00f2e1d8078b6b36f0f6478c651ca1e8116a2a47979648cd8352ff1f94a78
- SHA512
  
  8991a3b7520d7ec14fabb90938b06549539f6594646abb7905427b9008bfe52228e50f3721b35b0d2e5e3500ca74896ca4de16fae2c045860f5cc4b3f84ba742
- SSDEEP
  
  24576:Sy2bxXq2OL5XAyjM5B3eFteDb4t6F7I8btjpTiX:5sXqXL3M5Be7TE7dJxi
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan