9a55005ab12529cde78752fd23476d0440d31247449ec86999b554f08f9b8469 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

7.2MB
Sample

231012-f5bpgshg4w
MD5

e1f41a1d78614945b44e648155a13778
SHA1

d67ab2ac2f31a7fc778b0b5117715e6f0638d90f
SHA256

9a55005ab12529cde78752fd23476d0440d31247449ec86999b554f08f9b8469
SHA512

f70bf4a109ecbb6131d696fd3087c198ed5a4029ba47be0a0fcc2ad0b6bff080a054c8702e3fcf178f901605a23a4e570f8cba73a79234b54c723fc68376bfca
SSDEEP

196608:91OEbEp2HgtmQhl64gtK8GllcpCiXamcJPd/I:3OPp2HgQ88bKmchd/I

Score

10^/10

discovery evasion spyware stealer trojan

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  7.2MB
- MD5
  
  e1f41a1d78614945b44e648155a13778
- SHA1
  
  d67ab2ac2f31a7fc778b0b5117715e6f0638d90f
- SHA256
  
  9a55005ab12529cde78752fd23476d0440d31247449ec86999b554f08f9b8469
- SHA512
  
  f70bf4a109ecbb6131d696fd3087c198ed5a4029ba47be0a0fcc2ad0b6bff080a054c8702e3fcf178f901605a23a4e570f8cba73a79234b54c723fc68376bfca
- SSDEEP
  
  196608:91OEbEp2HgtmQhl64gtK8GllcpCiXamcJPd/I:3OPp2HgQ88bKmchd/I
Score

10^/10

discovery evasion spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security bypass
  evasion trojan
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealertrojan

behavioral2