b493a71d8dda85b65299d6885a372e09f934329a503427acd3e7ba05297834c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b493a71d8dda85b65299d6885a372e09f934329a503427acd3e7ba05297834c2
Size

376KB
Sample

230505-gtahqaae7s
MD5

39a08c852225bd22ef048d0b2170c3d6
SHA1

c8bcba1922100bdfd8773b35b6bb936818bc4b9e
SHA256

b493a71d8dda85b65299d6885a372e09f934329a503427acd3e7ba05297834c2
SHA512

d5c1cd30f28022e11450bfe5ef5e240f985c9d1ec92e4b4004ec0d08a8bcbf29f16e874e5dea4f36f6102b4d6d949fbabf8bf86787756f459a6f223370af2bf8
SSDEEP

6144:KLy+bnr++p0yN90QEouMdjP/0zGdErFxswm49A8Ez7cYbhrKcOMT68n:ZMrGy90WuMdjDErFxFphEz7cY0cOMJ

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  b493a71d8dda85b65299d6885a372e09f934329a503427acd3e7ba05297834c2
- Size
  
  376KB
- MD5
  
  39a08c852225bd22ef048d0b2170c3d6
- SHA1
  
  c8bcba1922100bdfd8773b35b6bb936818bc4b9e
- SHA256
  
  b493a71d8dda85b65299d6885a372e09f934329a503427acd3e7ba05297834c2
- SHA512
  
  d5c1cd30f28022e11450bfe5ef5e240f985c9d1ec92e4b4004ec0d08a8bcbf29f16e874e5dea4f36f6102b4d6d949fbabf8bf86787756f459a6f223370af2bf8
- SSDEEP
  
  6144:KLy+bnr++p0yN90QEouMdjP/0zGdErFxswm49A8Ez7cYbhrKcOMT68n:ZMrGy90WuMdjDErFxFphEz7cY0cOMJ
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan