General

  • Target

    b25dba4c7c32d4c725e39a8a5156a87cad21802fa6e6d162a47e781c9f12aa4a

  • Size

    965KB

  • Sample

    230419-kfje9abb8w

  • MD5

    44f36ddeccbc7a1492208a534ecc1208

  • SHA1

    49df098087e5278f9218b96b7fe436fedf29c4c9

  • SHA256

    b25dba4c7c32d4c725e39a8a5156a87cad21802fa6e6d162a47e781c9f12aa4a

  • SHA512

    08b133430de2052c74dc829a04c70952e4980facdc3a55fc3f4525a2fcaab8bc26caa76d6b7c2241bc918dae950cd7bda5bab5d8c6801e4bef45bf9e3cb05bfb

  • SSDEEP

    24576:ry6l1JJz15OdDPDbypc3YHqNIZxkptvd:eaZh5bS3YHqgkptv

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data (saved credentials, cookies and session tokens, autofill and payment data), which can be reused for account takeover without the victim's password.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU and WOW6432Node counterparts) to enumerate installed software, a common victim-profiling and analysis-environment check.
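The signatures above are the sandbox's behavioural verdicts; the trace they were derived from is not reproduced on this page. The following is an added example, not the sandbox vendor's code, that shows how such verdicts are typically produced: a small rule set run over a host-event trace (registry sets/queries, file reads/writes, process creation). The event format, the rule patterns and the sample trace are this example's own assumptions, constructed to exercise every signature listed for this report; it does not contain data from the actual sample.

```python
"""Map constructed sandbox-style host events onto the behaviour signatures
listed in the report. Added example; the event schema, rule patterns and
SAMPLE_EVENTS are assumptions made for illustration, not the vendor's."""
import re
from collections import defaultdict

# One rule per report signature: (signature name, event op it applies to,
# regex over the registry/file path). Paths are matched case-insensitively.
RULES = [
    ("Modifies Windows Defender Real-time Protection settings", "reg_set",
     re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+", re.I)),
    ("Windows security modification", "reg_set",
     re.compile(r"\\Microsoft\\Windows Defender\\", re.I)),
    ("Adds Run key to start application", "reg_set",
     re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Checks installed software on the system", "reg_query",
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Reads user/profile data of web browsers", "file_read",
     re.compile(r"\\(Chrome|Chromium|Microsoft\\Edge|BraveSoftware)\\.*\\(Login Data|Cookies|Web Data)$"
                r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|cookies\.sqlite|key4\.db)$", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", "file_read",
     re.compile(r"\\(wallet\.dat|Exodus\\exodus\.wallet|Electrum\\wallets|Ethereum\\keystore)", re.I)),
]


def classify(events):
    """Return {signature name: [matching paths]} for an ordered event list.

    'Executes dropped EXE' is stateful: it fires when a process is created
    from a path the trace previously recorded as written by the sample.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written during the trace
    for ev in events:
        op, path = ev["op"], ev["path"]
        if op == "file_write":
            dropped.add(path.lower())
        elif op == "process_create" and path.lower() in dropped:
            hits["Executes dropped EXE"].append(path)
        for name, rule_op, pattern in RULES:
            if op == rule_op and pattern.search(path):
                hits[name].append(path)
    return dict(hits)


def signatures(events):
    """Sorted list of signature names triggered by the trace."""
    return sorted(classify(events))


# Constructed trace (assumption): a plausible infostealer run, plus one
# benign DLL read that must not trigger anything.
SAMPLE_EVENTS = [
    {"op": "reg_query", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"op": "reg_set", "value": 1,
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
    {"op": "file_read", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "file_read", "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Roaming\svchost32.exe"},
    {"op": "reg_set", "value": r"C:\Users\victim\AppData\Roaming\svchost32.exe",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost32"},
    {"op": "process_create", "path": r"C:\Users\victim\AppData\Roaming\svchost32.exe"},
    {"op": "file_read", "path": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for name, paths in sorted(classify(SAMPLE_EVENTS).items()):
        print(f"[+] {name}")
        for p in paths:
            print(f"      {p}")
```

Two design points carry over to real detection content: the Defender write fires both the narrow "Real-time Protection" rule and the broader "Windows security modification" rule, which is why sandbox reports list both for one registry operation; and "Executes dropped EXE" cannot be a stateless path pattern, it needs the earlier file write correlated to the later process start, exactly as an EDR correlation rule would.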

MITRE ATT&CK Enterprise v6

Tasks