General

  • Target

    8fb50453aa1b38e7e4b3a8fdb02f33c5622a002fe0df201581187ca0a5b8de09

  • Size

    564KB

  • Sample

    230423-1ay7hshe9v

  • MD5

    b8af6cc60defa2e6c6584b9151baa5cf

  • SHA1

    d916a62a654e04bc0d4e13799571782872fb806f

  • SHA256

    8fb50453aa1b38e7e4b3a8fdb02f33c5622a002fe0df201581187ca0a5b8de09

  • SHA512

    aa264d520d5c74a8c3e24eeb9e5b782f85439248178be5e78ba42dd2550dc4d4e60e178bec863cfe6f034c14dd26c9d3e7007e7ef21bf8b4e61ab362e17afd43

  • SSDEEP

    12288:cy90CAby4g+h8ig7mDfKqRqbiwIlLzV0OPTnMP0DpSr8bPTQ:cy0y4PhAiDKqRLNXuOPDc08yPTQ

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6