c698ccdc1d983357c2bc0f4676f0a87c9e169c5fa2bb03791bf125b29d9ec60a | Triage

Sharing

General

Target

NEAS.d48a5a565ae0deacfdf2295468c6e720.exe
Size

3.1MB
Sample

231013-zhyqaahb5z
MD5

d48a5a565ae0deacfdf2295468c6e720
SHA1

b8da6fc467e76a2c974741430263ca9ec78364ad
SHA256

c698ccdc1d983357c2bc0f4676f0a87c9e169c5fa2bb03791bf125b29d9ec60a
SHA512

b90199307cdc5a55fc0910dd9ead532de2930114b525d00b6855186381d59056d3b1565940d43cc378f07da90a3858160937c698154e5cc3fd56b31037cc2301
SSDEEP

49152:ZUuBTOjZwS1Ihk+hy7iHuaRZnt+NTNLiG97G:ZXRO0hkr2Rxt+eb

Score

10^/10

evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  NEAS.d48a5a565ae0deacfdf2295468c6e720.exe
- Size
  
  3.1MB
- MD5
  
  d48a5a565ae0deacfdf2295468c6e720
- SHA1
  
  b8da6fc467e76a2c974741430263ca9ec78364ad
- SHA256
  
  c698ccdc1d983357c2bc0f4676f0a87c9e169c5fa2bb03791bf125b29d9ec60a
- SHA512
  
  b90199307cdc5a55fc0910dd9ead532de2930114b525d00b6855186381d59056d3b1565940d43cc378f07da90a3858160937c698154e5cc3fd56b31037cc2301
- SSDEEP
  
  49152:ZUuBTOjZwS1Ihk+hy7iHuaRZnt+NTNLiG97G:ZXRO0hkr2Rxt+eb
Score

10^/10

evasion persistence spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan