10618c686daa3f878ac92104e7c8e0c1529434b616266723776e4a9c88170c5c | Triage

Sharing

General

Target

03ff68c776a2d6b53fb37632da2b1fb0N.exe
Size

6.4MB
Sample

240721-yw1alasdmf
MD5

03ff68c776a2d6b53fb37632da2b1fb0
SHA1

7c4783f0df0136b0743ed246778442a3a4a81b89
SHA256

10618c686daa3f878ac92104e7c8e0c1529434b616266723776e4a9c88170c5c
SHA512

65faba2b8d39378d67ee70e5b2e05f617a6fd4d15e9dd78e0d2f1419e5da216237b62c96827b15c8da96d932869617fc7f930b4496d1a75382f6b2ec230055ff
SSDEEP

196608:91Okl7QcP1p+o5ETEunJjvC7oUoa7m1QtdcwG:3OgV9cOEounJjvMoVa7mwHG

Score

10^/10

discovery evasion execution spyware stealer trojan

Malware Config

Targets

- Target
  
  03ff68c776a2d6b53fb37632da2b1fb0N.exe
- Size
  
  6.4MB
- MD5
  
  03ff68c776a2d6b53fb37632da2b1fb0
- SHA1
  
  7c4783f0df0136b0743ed246778442a3a4a81b89
- SHA256
  
  10618c686daa3f878ac92104e7c8e0c1529434b616266723776e4a9c88170c5c
- SHA512
  
  65faba2b8d39378d67ee70e5b2e05f617a6fd4d15e9dd78e0d2f1419e5da216237b62c96827b15c8da96d932869617fc7f930b4496d1a75382f6b2ec230055ff
- SSDEEP
  
  196608:91Okl7QcP1p+o5ETEunJjvC7oUoa7m1QtdcwG:3OgV9cOEounJjvMoVa7mwHG
Score

10^/10

evasion execution spyware stealer trojan discovery
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security bypass
  evasion trojan
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionspywarestealertrojan

behavioral2

discoveryexecutionspywarestealer