644f73adb1cc85151919c8e130617dc4cadc41931b2efbfeff9019c96fb8ce57 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

644f73adb1cc85151919c8e130617dc4cadc41931b2efbfeff9019c96fb8ce57
Size

589KB
Sample

230504-l7je1add3x
MD5

f4de1fc3b42e4d8892e2ef5ffaf2127f
SHA1

132869ac392c69b49ae844f2c572f17d9eafe86d
SHA256

644f73adb1cc85151919c8e130617dc4cadc41931b2efbfeff9019c96fb8ce57
SHA512

aa44408b86c6aff33fbbb341af6eeecc0fe7aeac5da6115ef2175e781862dfad97ae49bc0313026a4ad0df3dc72c1a9c305337198655d19aa503f9c271a4f6b9
SSDEEP

12288:bMr7y902EiOYjtlCSLeC9JmrnsZHhiisl61Ej00H53uvU2B5SMjKdM+:MydEjYuAeEEnQknl6Sw4puvcp

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  644f73adb1cc85151919c8e130617dc4cadc41931b2efbfeff9019c96fb8ce57
- Size
  
  589KB
- MD5
  
  f4de1fc3b42e4d8892e2ef5ffaf2127f
- SHA1
  
  132869ac392c69b49ae844f2c572f17d9eafe86d
- SHA256
  
  644f73adb1cc85151919c8e130617dc4cadc41931b2efbfeff9019c96fb8ce57
- SHA512
  
  aa44408b86c6aff33fbbb341af6eeecc0fe7aeac5da6115ef2175e781862dfad97ae49bc0313026a4ad0df3dc72c1a9c305337198655d19aa503f9c271a4f6b9
- SSDEEP
  
  12288:bMr7y902EiOYjtlCSLeC9JmrnsZHhiisl61Ej00H53uvU2B5SMjKdM+:MydEjYuAeEEnQknl6Sw4puvcp
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan