41e4d3e198c0c8bed4db7bb6ce5d91572a802b5bf4f449ed8a6735634f42ed7e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41e4d3e198c0c8bed4db7bb6ce5d91572a802b5bf4f449ed8a6735634f42ed7e
Size

376KB
Sample

230505-c6n5esaa4z
MD5

494a68b438073c904ec614c7ab6ea09b
SHA1

8a336a41b6754949fed3aaa4abc9c8c101202a7d
SHA256

41e4d3e198c0c8bed4db7bb6ce5d91572a802b5bf4f449ed8a6735634f42ed7e
SHA512

941242b1a956d58ec80a71000288c41e3ee45501771375dabf4167bd844dbdf94d9ae848c8f8203019d78f3195f1006802d4a2b969d46a8b4495d22f73638f20
SSDEEP

6144:KOy+bnr+Vp0yN90QE90q2niJD5OEkWTjBN6IN5IdHy65xTSO7i80WfqA7T5FskQw:eMrdy90f0nni6q6SGNt0Wfq69Fl

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  41e4d3e198c0c8bed4db7bb6ce5d91572a802b5bf4f449ed8a6735634f42ed7e
- Size
  
  376KB
- MD5
  
  494a68b438073c904ec614c7ab6ea09b
- SHA1
  
  8a336a41b6754949fed3aaa4abc9c8c101202a7d
- SHA256
  
  41e4d3e198c0c8bed4db7bb6ce5d91572a802b5bf4f449ed8a6735634f42ed7e
- SHA512
  
  941242b1a956d58ec80a71000288c41e3ee45501771375dabf4167bd844dbdf94d9ae848c8f8203019d78f3195f1006802d4a2b969d46a8b4495d22f73638f20
- SSDEEP
  
  6144:KOy+bnr+Vp0yN90QE90q2niJD5OEkWTjBN6IN5IdHy65xTSO7i80WfqA7T5FskQw:eMrdy90f0nni6q6SGNt0Wfq69Fl
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan