7077115671e8e88a29a2fa8de3d267e14b51e1599a6ece35a6754180da7b2cb4 | Triage

Sharing

General

Target

7077115671e8e88a29a2fa8de3d267e14b51e1599a6ece35a6754180da7b2cb4
Size

690KB
Sample

230426-ykawkabe63
MD5

ff0f35f9e30e2ba25df8a546354fe69c
SHA1

33146ae497e1ee586cd64257d12c882b5c84d337
SHA256

7077115671e8e88a29a2fa8de3d267e14b51e1599a6ece35a6754180da7b2cb4
SHA512

4fff4b0fde4d5c4c30d0a3930b917cde1b00a8fa0018f16ca2e055bdd7f3f49d1941fe65413f6d42879e7dce6cb7219ca9cd7c6e1d3773aee0badb89d8698331
SSDEEP

12288:Uy90KddaSjR9iEXS4+60g77m0jXz62EHBGPniNAmet1i2JzWVvo:Uy9hjRvQTq1Xz62EH5NG1bJaBo

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  7077115671e8e88a29a2fa8de3d267e14b51e1599a6ece35a6754180da7b2cb4
- Size
  
  690KB
- MD5
  
  ff0f35f9e30e2ba25df8a546354fe69c
- SHA1
  
  33146ae497e1ee586cd64257d12c882b5c84d337
- SHA256
  
  7077115671e8e88a29a2fa8de3d267e14b51e1599a6ece35a6754180da7b2cb4
- SHA512
  
  4fff4b0fde4d5c4c30d0a3930b917cde1b00a8fa0018f16ca2e055bdd7f3f49d1941fe65413f6d42879e7dce6cb7219ca9cd7c6e1d3773aee0badb89d8698331
- SSDEEP
  
  12288:Uy90KddaSjR9iEXS4+60g77m0jXz62EHBGPniNAmet1i2JzWVvo:Uy9hjRvQTq1Xz62EH5NG1bJaBo
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan