1e69796d19127d78f44f940b38b7384c52b3adb5457588e6df2bbf3e1426e774 | Triage

Sharing

General

Target

1e69796d19127d78f44f940b38b7384c52b3adb5457588e6df2bbf3e1426e774
Size

376KB
Sample

230505-j75l5aha37
MD5

6bb95a9e6ab7ad0b03149eb15d184b5a
SHA1

dda79c6122f1fcd96fc9afda3a4250964ea0930b
SHA256

1e69796d19127d78f44f940b38b7384c52b3adb5457588e6df2bbf3e1426e774
SHA512

2d4b02f363999258e24d9b7d5d7f79cc8e55f3db231e06ba0fb52a3c8143924334c1ca2ddd05b7699149a10b9a473aee82df6795e76cc70ff7da52dc0884d377
SSDEEP

6144:KHy+bnr+ip0yN90QEBPPn7WQ9NahkEyK/8E7gAR+RtgFQrsonQ0ptuw4adKhUk:xMrqy90n3vjyUE7gAmeFQrsSrx8Uk

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  1e69796d19127d78f44f940b38b7384c52b3adb5457588e6df2bbf3e1426e774
- Size
  
  376KB
- MD5
  
  6bb95a9e6ab7ad0b03149eb15d184b5a
- SHA1
  
  dda79c6122f1fcd96fc9afda3a4250964ea0930b
- SHA256
  
  1e69796d19127d78f44f940b38b7384c52b3adb5457588e6df2bbf3e1426e774
- SHA512
  
  2d4b02f363999258e24d9b7d5d7f79cc8e55f3db231e06ba0fb52a3c8143924334c1ca2ddd05b7699149a10b9a473aee82df6795e76cc70ff7da52dc0884d377
- SSDEEP
  
  6144:KHy+bnr+ip0yN90QEBPPn7WQ9NahkEyK/8E7gAR+RtgFQrsonQ0ptuw4adKhUk:xMrqy90n3vjyUE7gAmeFQrsSrx8Uk
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan