General

  • Target

    cc4a349c91cbce2224f7ff31f71ca2999d031cf2e5025fc33d1018740c6509ac

  • Size

    965KB

  • Sample

    230422-lvwjssfh8t

  • MD5

    746de7b60c813a39005e853a06dc4b49

  • SHA1

    96cbb6831db80c0dc36a886f64814388dc285384

  • SHA256

    cc4a349c91cbce2224f7ff31f71ca2999d031cf2e5025fc33d1018740c6509ac

  • SHA512

    8640787225618200bee844e368ae64a50860c1d5a2ca7078d53a83e25491a183b2dcfa5cc0d9d6e422718d23386a7b12ac29a4f2da44fc404d60eade123fd88b

  • SSDEEP

    24576:Eygx49ZHgQqKdM51bbiO2ytz+0AEN/B1:TgjQ8aODpN/B

Malware Config

Targets

    • Target

      cc4a349c91cbce2224f7ff31f71ca2999d031cf2e5025fc33d1018740c6509ac

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (many stealers exit when the locale matches an excluded region).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other account data kept in the browser profile.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
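The signatures above are each triggered by a small number of registry and file operations. The following added example (written for this page, not the sandbox's own signature engine) replays a constructed process-monitor trace against rules that mirror those signatures, including the stateful "dropped file" logic needed for "Executes dropped EXE" and "Loads dropped DLL". The registry keys and file locations in the rules are well-known locations chosen as assumptions; the trace itself is constructed for illustration and is not the recorded activity of this sample.

```python
"""Replay a constructed process-monitor trace against behaviour rules that
mirror the sandbox signatures listed above. Example code for this page, not
the sandbox's engine; key/file locations are assumptions."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    op: str    # RegQueryValue, RegEnumKey, RegSetValue, WriteFile, ReadFile, CreateProcess, LoadImage
    path: str  # registry value path or file path, as a monitor would log it


# Stateless rules: (signature, operations it applies to, regex on the path).
STATELESS_RULES = [
    ("Modifies Windows Defender Real-time Protection settings", {"RegSetValue"},
     re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)),
    ("Checks computer location settings", {"RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", {"RegQueryValue", "RegEnumKey"},
     re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)),
    # Only a *write* under Run/RunOnce counts; reading the key is benign.
    ("Adds Run key to start application", {"RegSetValue"},
     re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    ("Reads user/profile data of web browsers", {"ReadFile"},
     re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", {"ReadFile"},
     re.compile(r"\\(Electrum\\wallets\\|Exodus\\exodus\.wallet\\|Bitcoin\\wallet\.dat$)", re.I)),
]


def triage(events):
    """Return {signature: [matching paths]} for a sequence of Event objects."""
    hits = {}
    dropped = set()  # files this process wrote; executing/loading one later is the "dropped" signal
    for ev in events:
        if ev.op == "WriteFile":
            dropped.add(ev.path.lower())
            continue
        if ev.op == "CreateProcess" and ev.path.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(ev.path)
        elif ev.op == "LoadImage" and ev.path.lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(ev.path)
        for name, ops, pattern in STATELESS_RULES:
            if ev.op in ops and pattern.search(ev.path):
                hits.setdefault(name, []).append(ev.path)
    return hits


# Constructed trace for illustration; not this sample's recorded activity.
SAMPLE_TRACE = [
    Event("RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"),
    Event("WriteFile", r"C:\Users\user\AppData\Local\Temp\svc.exe"),
    Event("WriteFile", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event("CreateProcess", r"C:\Users\user\AppData\Local\Temp\svc.exe"),
    Event("LoadImage", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event("LoadImage", r"C:\Windows\System32\kernel32.dll"),  # system DLL, must not match
    Event("ReadFile", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("ReadFile", r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"),
    Event("RegQueryValue", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive"),  # read only
    Event("RegSetValue", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc"),
    Event("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
]


def run_sample():
    """Evaluate the constructed trace; returns the signature-to-paths mapping."""
    return triage(SAMPLE_TRACE)


if __name__ == "__main__":
    for sig, paths in run_sample().items():
        print(f"{sig}: {paths}")
```

The two negative events in the trace (a system DLL load and a read of the Run key) are there to show why the rules key on operation type and on the written-then-executed relationship rather than on paths alone; without that, every process that loads kernel32.dll or enumerates its own autostart entries would light up these signatures.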

MITRE ATT&CK Enterprise v6

Tasks