89c932e1923b641af6b8168f1d52de46c75730e2ea4eb6fc4bddca7dca73453d | Triage

Sharing

General

Target

9f1037e1a78d92575622b2ca73c18b1a.exe
Size

376KB
Sample

230505-pnxeasad97
MD5

9f1037e1a78d92575622b2ca73c18b1a
SHA1

c767e045412b0bf78552d3aa0ad84e6895dc16ae
SHA256

89c932e1923b641af6b8168f1d52de46c75730e2ea4eb6fc4bddca7dca73453d
SHA512

5cbc5a5c10cd42e371c17f891302f9056256626c9e5d85662935407b43709e6bca3bf23dcf6658849a98b944b83db2270494e59595823584fd04601fb6f3e458
SSDEEP

6144:K8y+bnr+qp0yN90QElfqXp3NaN5GlOr9JeCNlgaNHlun4ZX3UyMU8xzue+94yRai:kMrKy90utgHUm9JpYa64hbMU8x6e+94C

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  9f1037e1a78d92575622b2ca73c18b1a.exe
- Size
  
  376KB
- MD5
  
  9f1037e1a78d92575622b2ca73c18b1a
- SHA1
  
  c767e045412b0bf78552d3aa0ad84e6895dc16ae
- SHA256
  
  89c932e1923b641af6b8168f1d52de46c75730e2ea4eb6fc4bddca7dca73453d
- SHA512
  
  5cbc5a5c10cd42e371c17f891302f9056256626c9e5d85662935407b43709e6bca3bf23dcf6658849a98b944b83db2270494e59595823584fd04601fb6f3e458
- SSDEEP
  
  6144:K8y+bnr+qp0yN90QElfqXp3NaN5GlOr9JeCNlgaNHlun4ZX3UyMU8xzue+94yRai:kMrKy90utgHUm9JpYa64hbMU8x6e+94C
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan

behavioral2

discoveryevasionpersistencespywarestealertrojan