c35c5568a760f4b03ad1f0316d56008bd0e42e8f9378a99af8dcddb633c34ea3 | Triage

Sharing

General

Target

c35c5568a760f4b03ad1f0316d56008bd0e42e8f9378a99af8dcddb633c34ea3
Size

697KB
Sample

230426-ktx6kaab8v
MD5

db68724b043fbb8561de194ab63b83a2
SHA1

45b7d2cfc356a47b10122d1d081a2800ff4e5515
SHA256

c35c5568a760f4b03ad1f0316d56008bd0e42e8f9378a99af8dcddb633c34ea3
SHA512

eec2b90b041be6e18f6c49bc9e57e81618026eb46d0545a3e16b2b5974dec9a6711f72af309048213bf5e1650f440fb74554ac2f0de09a3422ce2e4ca01ca13d
SSDEEP

12288:By90DtDl73tVmetssNWeC7L5ha+VdtGAcZh6SBH2Kkpdr8bgjzlbmW66q:ByUll73tVmetss/W5hRdyVBWKkp18bgO

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  c35c5568a760f4b03ad1f0316d56008bd0e42e8f9378a99af8dcddb633c34ea3
- Size
  
  697KB
- MD5
  
  db68724b043fbb8561de194ab63b83a2
- SHA1
  
  45b7d2cfc356a47b10122d1d081a2800ff4e5515
- SHA256
  
  c35c5568a760f4b03ad1f0316d56008bd0e42e8f9378a99af8dcddb633c34ea3
- SHA512
  
  eec2b90b041be6e18f6c49bc9e57e81618026eb46d0545a3e16b2b5974dec9a6711f72af309048213bf5e1650f440fb74554ac2f0de09a3422ce2e4ca01ca13d
- SSDEEP
  
  12288:By90DtDl73tVmetssNWeC7L5ha+VdtGAcZh6SBH2Kkpdr8bgjzlbmW66q:ByUll73tVmetss/W5hRdyVBWKkp18bgO
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan