3eeb26db50d06f1e1b671307eb0785912d9d2f931ab3c78f93719efd8573df77 | Triage

Sharing

General

Target

3eeb26db50d06f1e1b671307eb0785912d9d2f931ab3c78f93719efd8573df77
Size

696KB
Sample

230426-k2wmpsgc98
MD5

ade53d35f2be4c17b5ebfdcf9636c6c5
SHA1

b9e75639864f1f89522068f02fead06c48e252f9
SHA256

3eeb26db50d06f1e1b671307eb0785912d9d2f931ab3c78f93719efd8573df77
SHA512

4be2601542dbd98920166a70f490e7c6deb03b566c231c1f44d9284e6b56c0d31fbbf3ad894cad93a20116c769bbf8f9123c7fbe12f14e9da50bb65dddaec59e
SSDEEP

12288:Ey90il4p9Y1qKrCQxVxVKZwuS5cgCBf9cL9Iwwkwn0S1riwbjA:EyBlUY7CQxVxYZwJ229Q3rJc

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  3eeb26db50d06f1e1b671307eb0785912d9d2f931ab3c78f93719efd8573df77
- Size
  
  696KB
- MD5
  
  ade53d35f2be4c17b5ebfdcf9636c6c5
- SHA1
  
  b9e75639864f1f89522068f02fead06c48e252f9
- SHA256
  
  3eeb26db50d06f1e1b671307eb0785912d9d2f931ab3c78f93719efd8573df77
- SHA512
  
  4be2601542dbd98920166a70f490e7c6deb03b566c231c1f44d9284e6b56c0d31fbbf3ad894cad93a20116c769bbf8f9123c7fbe12f14e9da50bb65dddaec59e
- SSDEEP
  
  12288:Ey90il4p9Y1qKrCQxVxVKZwuS5cgCBf9cL9Iwwkwn0S1riwbjA:EyBlUY7CQxVxYZwJ229Q3rJc
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan