General

  • Target

    2a448c76b69ca38c229a5426e1e46f1df05e97ec673c90975c3ea911586f92f4

  • Size

    706KB

  • Sample

    230422-jr651sdf49

  • MD5

    5723317f635735a8a5e60a0f6097f249

  • SHA1

    210c5cf6fa9c6e6d2497c076e9927b8f1ad1a396

  • SHA256

    2a448c76b69ca38c229a5426e1e46f1df05e97ec673c90975c3ea911586f92f4

  • SHA512

    c08c379c2173e666b6c02602ff1a7bfb3d9c71cf24edcbfa751952a0917c9c76f47b4062106aab6d2332c5eb92d9f1a56733025bd89ed93381acbf6301b1940c

  • SSDEEP

    12288:ty90Y+OBtr+zcwvS3ozPswjNlf3c1Ezf5smuOjztq9n3fpu0xEVsqUAw4uT9Ja:ty5+c4zcHoz5vc1EzvuOjs93hu0GsqUu

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks