83cf1a0e95e1ea5a5780f49aab15c1aba377d4d280aa8fc3a7f8cc9a0b4f3e22 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

7.2MB
Sample

231103-n2wjgsca95
MD5

8e03fddc51dbea3d46962e2b27810f3d
SHA1

90ccd0faef0ab7225a1f879fd818d7659b79826c
SHA256

83cf1a0e95e1ea5a5780f49aab15c1aba377d4d280aa8fc3a7f8cc9a0b4f3e22
SHA512

e9f1e39b5a045a08a59001debb7b4714ffdea937a2fb24bd7cef35da89f7635d8dabfe53485ba811b09e39fa1d612f2b7b02cfda84a7a9f5c787c6ed7deff72c
SSDEEP

196608:91OHECEyCZ9QSPUFKngcMbezZctfsggmeW0Eso:3OHEykfPUFKgLCz6KYP

Score

10^/10

discovery evasion spyware stealer trojan

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  7.2MB
- MD5
  
  8e03fddc51dbea3d46962e2b27810f3d
- SHA1
  
  90ccd0faef0ab7225a1f879fd818d7659b79826c
- SHA256
  
  83cf1a0e95e1ea5a5780f49aab15c1aba377d4d280aa8fc3a7f8cc9a0b4f3e22
- SHA512
  
  e9f1e39b5a045a08a59001debb7b4714ffdea937a2fb24bd7cef35da89f7635d8dabfe53485ba811b09e39fa1d612f2b7b02cfda84a7a9f5c787c6ed7deff72c
- SSDEEP
  
  196608:91OHECEyCZ9QSPUFKngcMbezZctfsggmeW0Eso:3OHEykfPUFKgLCz6KYP
Score

10^/10

discovery evasion spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security bypass
  evasion trojan
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealertrojan

behavioral2