General

  • Target

    3d168c1e6c92f6a0fa14e20cf38daa406c41e3a21207873c13cdfe259e8eec76

  • Size

    1.2MB

  • Sample

    230423-1atl2ahe9t

  • MD5

    2c1245cd0233187d81838a00e6f53e4b

  • SHA1

    c2d75a0409dc73cfc2d31eb25d1ff71b232bae3b

  • SHA256

    3d168c1e6c92f6a0fa14e20cf38daa406c41e3a21207873c13cdfe259e8eec76

  • SHA512

    faac9bb1d70dfd58a04b5a6121ef43eed9422785eca88d72b8740b5225cef3f199a0696974e8a5af6bd37ca30483c988bbe440f835baadb760b374afa0951c0d

  • SSDEEP

    24576:Bu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:40+BshUC1VzUjjPP0/

Malware Config

Targets

    • Target

      3d168c1e6c92f6a0fa14e20cf38daa406c41e3a21207873c13cdfe259e8eec76

    • Size

      1.2MB

    • MD5

      2c1245cd0233187d81838a00e6f53e4b

    • SHA1

      c2d75a0409dc73cfc2d31eb25d1ff71b232bae3b

    • SHA256

      3d168c1e6c92f6a0fa14e20cf38daa406c41e3a21207873c13cdfe259e8eec76

    • SHA512

      faac9bb1d70dfd58a04b5a6121ef43eed9422785eca88d72b8740b5225cef3f199a0696974e8a5af6bd37ca30483c988bbe440f835baadb760b374afa0951c0d

    • SSDEEP

      24576:Bu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:40+BshUC1VzUjjPP0/

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks