d7f41eb0839f0c890f16266e2cbf9aad40b4bb7c2bc5317c609c9705fc7df099 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d7f41eb0839f0c890f16266e2cbf9aad40b4bb7c2bc5317c609c9705fc7df099
Size

644KB
Sample

230426-mgff4agf92
MD5

b455ead07409ca1d1610918ed286abdd
SHA1

30b957751402340a71d716f321d0eccb9ae46aa1
SHA256

d7f41eb0839f0c890f16266e2cbf9aad40b4bb7c2bc5317c609c9705fc7df099
SHA512

02e7817328779c4d09376ce94a0c5fc729cfbc46dbdb4ad143dec96143780aa9290b4e555febac5e0cf8070c31e76b04020b4b4c2f49cfd33c64da7e7450b6fc
SSDEEP

12288:Uy90TOKaQtIOWp2eRwXWZQjZRvu0Nx0iSDe7oDjL4cZ:UyMOKVto2jmZA9Ruje7oDAcZ

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  d7f41eb0839f0c890f16266e2cbf9aad40b4bb7c2bc5317c609c9705fc7df099
- Size
  
  644KB
- MD5
  
  b455ead07409ca1d1610918ed286abdd
- SHA1
  
  30b957751402340a71d716f321d0eccb9ae46aa1
- SHA256
  
  d7f41eb0839f0c890f16266e2cbf9aad40b4bb7c2bc5317c609c9705fc7df099
- SHA512
  
  02e7817328779c4d09376ce94a0c5fc729cfbc46dbdb4ad143dec96143780aa9290b4e555febac5e0cf8070c31e76b04020b4b4c2f49cfd33c64da7e7450b6fc
- SSDEEP
  
  12288:Uy90TOKaQtIOWp2eRwXWZQjZRvu0Nx0iSDe7oDjL4cZ:UyMOKVto2jmZA9Ruje7oDAcZ
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan