0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9 | Triage

Sharing

General

Target

0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9
Size

1.6MB
Sample

200630-7ng7rgabda
MD5

1930ca258642f47145ba36729c6fbc6f
SHA1

c8248b016315f79cac43e5dd17c677f33b0042e1
SHA256

0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9
SHA512

89ca63e4a781a309ceec1ef36deddd5c7fc061f03e10413ba5b5e6618bef94b991c76121b95372db90b433c402472dba1c99d9574b05ea97714b84b61852f89a

Score

7^/10

discovery persistence spyware

Malware Config

Targets

- Target
  
  0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9
- Size
  
  1.6MB
- MD5
  
  1930ca258642f47145ba36729c6fbc6f
- SHA1
  
  c8248b016315f79cac43e5dd17c677f33b0042e1
- SHA256
  
  0437a3b7c497908d0dc489a1b21cf395b76eedae8f1a1b473ecbb5f02e892bf9
- SHA512
  
  89ca63e4a781a309ceec1ef36deddd5c7fc061f03e10413ba5b5e6618bef94b991c76121b95372db90b433c402472dba1c99d9574b05ea97714b84b61852f89a
Score

7^/10

spyware discovery persistence
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks for installed software on the system
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies service
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarediscoverypersistence

behavioral2