fe635fec991030ec06e80ccd5d44c77dcdc89e994b31d18e6199b90e6aa301b9 | Triage

Sharing

General

Target

fe635fec991030ec06e80ccd5d44c77dcdc89e994b31d18e6199b90e6aa301b9
Size

599KB
Sample

230504-rc8z3ach29
MD5

4fa978c11971bda33dc49229d7b0a0d0
SHA1

04210e8290eece9b534648e88d26568e7dc2579f
SHA256

fe635fec991030ec06e80ccd5d44c77dcdc89e994b31d18e6199b90e6aa301b9
SHA512

c9790f0371dc9748bb02ef756c9c53c3c2f5b31de4e72327c7981736153d5f9459cbf8214153f653276d7c432abb18f8e456dd2a04854e0259168125db2223b1
SSDEEP

12288:TMrAy90znvETSoX1I2OEEhIP8RUZMuYPH3MaCqOjYLA1bMbHj:fyUnvE+ga2LEzFPH3MahO5eHj

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  fe635fec991030ec06e80ccd5d44c77dcdc89e994b31d18e6199b90e6aa301b9
- Size
  
  599KB
- MD5
  
  4fa978c11971bda33dc49229d7b0a0d0
- SHA1
  
  04210e8290eece9b534648e88d26568e7dc2579f
- SHA256
  
  fe635fec991030ec06e80ccd5d44c77dcdc89e994b31d18e6199b90e6aa301b9
- SHA512
  
  c9790f0371dc9748bb02ef756c9c53c3c2f5b31de4e72327c7981736153d5f9459cbf8214153f653276d7c432abb18f8e456dd2a04854e0259168125db2223b1
- SSDEEP
  
  12288:TMrAy90znvETSoX1I2OEEhIP8RUZMuYPH3MaCqOjYLA1bMbHj:fyUnvE+ga2LEzFPH3MahO5eHj
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan