94ec63d53685ff39acbf43143cc01f43b987e4eb47f8febcd26d2f2fd5f300d4 | Triage

Sharing

General

Target

94ec63d53685ff39acbf43143cc01f43b987e4eb47f8febcd26d2f2fd5f300d4
Size

691KB
Sample

230426-wt2drsba86
MD5

2939af54ec7ac240a0e1ecc621ad8e43
SHA1

a4cc3713140198dbfb6b52df85dea79f94e2998c
SHA256

94ec63d53685ff39acbf43143cc01f43b987e4eb47f8febcd26d2f2fd5f300d4
SHA512

eaa4d3377320205811466d4c5fab57300f5d2413b785fdf29fde29bfcb891626f4b0e5e153e10d1ca6bec37711c696b4c30edacdc6b9e2edf414932ca3d3240d
SSDEEP

12288:1y90cDclXnR7Qwgx4A0LJuqLuZB/Sve2M7CGKANBfbzV/6u/m4kO:1yzKXnOw64NuqLAE22fANZbz3b

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  94ec63d53685ff39acbf43143cc01f43b987e4eb47f8febcd26d2f2fd5f300d4
- Size
  
  691KB
- MD5
  
  2939af54ec7ac240a0e1ecc621ad8e43
- SHA1
  
  a4cc3713140198dbfb6b52df85dea79f94e2998c
- SHA256
  
  94ec63d53685ff39acbf43143cc01f43b987e4eb47f8febcd26d2f2fd5f300d4
- SHA512
  
  eaa4d3377320205811466d4c5fab57300f5d2413b785fdf29fde29bfcb891626f4b0e5e153e10d1ca6bec37711c696b4c30edacdc6b9e2edf414932ca3d3240d
- SSDEEP
  
  12288:1y90cDclXnR7Qwgx4A0LJuqLuZB/Sve2M7CGKANBfbzV/6u/m4kO:1yzKXnOw64NuqLAE22fANZbz3b
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan