General

  • Target

    e161025a0852bb3496c402d56ab72757b6538a7e341e91615fbf01271d9fda54

  • Size

    1.1MB

  • Sample

    230418-wtgz5adc33

  • MD5

    8781c8d2f936241d3b8f5eaac82fdd9b

  • SHA1

    c9c40167a103a97516ca89eea698116c1c55a4a3

  • SHA256

    e161025a0852bb3496c402d56ab72757b6538a7e341e91615fbf01271d9fda54

  • SHA512

    b3f560e22e287f891cd1cba18e282f2a70e362ed58e6846038d200e5f6b3c32ad4f67c339d8f8bf68afa1484691ad7daf2e9a10c79ccb5cb86265b48f902773c

  • SSDEEP

    24576:8yNU3Lu49synQQ0uCHlV82ao3iI8U/adIvz:rNKnQQArKFIdF

Malware Config

Targets

    • Target

      e161025a0852bb3496c402d56ab72757b6538a7e341e91615fbf01271d9fda54

    • Size

      1.1MB

    • MD5

      8781c8d2f936241d3b8f5eaac82fdd9b

    • SHA1

      c9c40167a103a97516ca89eea698116c1c55a4a3

    • SHA256

      e161025a0852bb3496c402d56ab72757b6538a7e341e91615fbf01271d9fda54

    • SHA512

      b3f560e22e287f891cd1cba18e282f2a70e362ed58e6846038d200e5f6b3c32ad4f67c339d8f8bf68afa1484691ad7daf2e9a10c79ccb5cb86265b48f902773c

    • SSDEEP

      24576:8yNU3Lu49synQQ0uCHlV82ao3iI8U/adIvz:rNKnQQArKFIdF

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
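
The signature list above names behaviours but not the host artifacts behind them. The following is an added example, not code from the sandbox or from this report: it re-derives those signatures from a simplified process trace. The event format (one dict per operation with `op`, `path`, and for registry operations `name` and `data`) is hypothetical, and the registry keys and file paths in the rules are the well-known Windows locations each signature family normally keys on (the Defender `Real-Time Protection` policy values, `Control Panel\International\Geo\Nation`, the `CurrentVersion\Run` and `CurrentVersion\Uninstall` keys, Chrome/Firefox profile databases, Electrum/Exodus/Bitcoin Core wallet files); the sandbox's own rule logic is not published on this page and may differ. The trace is constructed and includes two benign look-alikes (a Defender value written to 0, a read of Chrome's `Preferences`) that must not fire.

```python
"""Re-derive report-style behavioural signatures from a raw process trace.

Added example: not the sandbox's code. Event format and rule paths are
assumptions documented in the lead-in above.
"""
import re
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Rule:
    signature: str                      # name as it appears in the report
    ops: tuple                          # event kinds the rule applies to
    target: re.Pattern                  # matched against the full registry/file path
    accept: Callable[[dict], bool] = lambda e: True  # extra check on value data


def _dword_is(value):
    return lambda e: e.get("data") == value


RULES = (
    Rule("Modifies Windows Defender Real-time Protection settings",
         ("RegSetValue",),
         re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I),
         _dword_is(1)),   # writing 0 re-enables protection and is not flagged
    Rule("Checks computer location settings",
         ("RegQueryValue",),
         re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    Rule("Adds Run key to start application",
         ("RegSetValue",),
         re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)),
    Rule("Checks installed software on the system",
         ("RegEnumKey", "RegQueryValue"),
         re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    Rule("Reads user/profile data of web browsers",
         ("FileRead",),
         re.compile(r"(\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
                    r"|\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$)",
                    re.I)),
    Rule("Accesses cryptocurrency files/wallets, possible credential harvesting",
         ("FileRead",),
         re.compile(r"(\\Electrum\\wallets\\|\\Exodus\\exodus\.wallet\\|\\Bitcoin\\wallet\.dat$)",
                    re.I)),
)


def _full_path(event: dict) -> str:
    """Registry ops carry key and value name separately; join them for matching."""
    path = event.get("path", "")
    name = event.get("name")
    return f"{path}\\{name}" if name else path


def match_signatures(events: Iterable[dict]) -> dict:
    """Return {signature: [matching events]} for every rule that fires."""
    hits = {}
    for event in events:
        target = _full_path(event)
        for rule in RULES:
            if event.get("op") in rule.ops and rule.target.search(target) and rule.accept(event):
                hits.setdefault(rule.signature, []).append(event)
    return hits


# Constructed trace (not taken from the sample): infostealer-style operations
# plus two benign look-alikes that must NOT fire.
SAMPLE_TRACE = [
    {"op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo", "name": "Nation"},
    {"op": "RegSetValue",
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "name": "DisableRealtimeMonitoring", "data": 1},
    {"op": "RegSetValue",
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "name": "DisableBehaviorMonitoring", "data": 0},        # benign: re-enables
    {"op": "RegEnumKey", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "RegSetValue", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "Updater", "data": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"op": "FileRead",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "FileRead",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences"},  # benign
    {"op": "FileRead", "path": r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"},
]


if __name__ == "__main__":
    for signature, matched in match_signatures(SAMPLE_TRACE).items():
        print(f"{signature}: {len(matched)} event(s)")
```

Run against the constructed trace, six of the eight events fire six distinct signatures; the Defender value written to 0 and the `Preferences` read are correctly ignored. "Executes dropped EXE", "Loads dropped DLL" and "Windows security modification" are process and service events rather than registry or file reads, so they are outside this rule set.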

MITRE ATT&CK Enterprise v6

Tasks
