General

  • Target

    1d528029d0ffb09f9d2fe3c4044033e271f59fe3f79af3f934087cd5f493cd0c

  • Size

    1.2MB

  • Sample

    230423-1bhwxshe9z

  • MD5

    2c5b57c9ee8c477eda2531899ff4de90

  • SHA1

    6e7318d8554c6d1c56a6c5bfdd22016bbf43b6fd

  • SHA256

    1d528029d0ffb09f9d2fe3c4044033e271f59fe3f79af3f934087cd5f493cd0c

  • SHA512

    05a4e63d73aa3c74814b78354624b21aa707b79f8e1ae6543c621ce817d5ecef55117d7e3d49684345ab09e782898558abfe0ccdfb4276dc8b79f86ddd996b63

  • SSDEEP

    24576:Au0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:N0+BshUC1VzUjjPP0/
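Before working from this report, confirm that the file you hold is the same artefact it describes. The following PowerShell is an added example, not part of the report or of the sandbox that produced it; the only assumption is the local path in $SamplePath, while the expected hashes and size are the values listed above.

```powershell
# Added example (not part of the report): verify a local copy of the sample
# against the hashes and size above before doing any further analysis.
# $SamplePath is an assumed location; adjust it to wherever the file is stored.
$SamplePath = 'C:\samples\1d528029d0ffb09f9d2fe3c4044033e271f59fe3f79af3f934087cd5f493cd0c.bin'

# Expected values copied from the General section of the report.
$Expected = @{
    MD5    = '2c5b57c9ee8c477eda2531899ff4de90'
    SHA1   = '6e7318d8554c6d1c56a6c5bfdd22016bbf43b6fd'
    SHA256 = '1d528029d0ffb09f9d2fe3c4044033e271f59fe3f79af3f934087cd5f493cd0c'
    SHA512 = '05a4e63d73aa3c74814b78354624b21aa707b79f8e1ae6543c621ce817d5ecef55117d7e3d49684345ab09e782898558abfe0ccdfb4276dc8b79f86ddd996b63'
}

function Test-SampleHashes {
    param(
        [Parameter(Mandatory)] [string]    $Path,
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    # Emits one result object per algorithm so the caller can inspect every
    # mismatch rather than stopping at the first one.
    foreach ($algo in ($Expected.Keys | Sort-Object)) {
        $actual = (Get-FileHash -Path $Path -Algorithm $algo).Hash.ToLowerInvariant()
        [pscustomobject]@{
            Algorithm = $algo
            Match     = ($actual -eq $Expected[$algo].ToLowerInvariant())
            Actual    = $actual
        }
    }
}

$results = Test-SampleHashes -Path $SamplePath -Expected $Expected
$results | Format-Table -AutoSize

# The report gives the size as 1.2MB; compare to one decimal place.
$sizeMB = [math]::Round((Get-Item -Path $SamplePath).Length / 1MB, 1)
"Size: $sizeMB MB (report: 1.2MB)"

if ($results.Match -contains $false) {
    Write-Warning 'Hash mismatch: this file is not the sample described in the report.'
} else {
    'All hashes match the report.'
}
```

Get-FileHash has no fuzzy-hash support, so the SSDEEP value above has to be checked with the ssdeep tool itself if you need to compare near-identical variants; the four cryptographic hashes are sufficient to confirm an exact match.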

Malware Config

Targets

    • Target

      1d528029d0ffb09f9d2fe3c4044033e271f59fe3f79af3f934087cd5f493cd0c

    • Size

      1.2MB

    • MD5

      2c5b57c9ee8c477eda2531899ff4de90

    • SHA1

      6e7318d8554c6d1c56a6c5bfdd22016bbf43b6fd

    • SHA256

      1d528029d0ffb09f9d2fe3c4044033e271f59fe3f79af3f934087cd5f493cd0c

    • SHA512

      05a4e63d73aa3c74814b78354624b21aa707b79f8e1ae6543c621ce817d5ecef55117d7e3d49684345ab09e782898558abfe0ccdfb4276dc8b79f86ddd996b63

    • SSDEEP

      24576:Au0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:N0+BshUC1VzUjjPP0/

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive account data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
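The behaviours above map to a small set of well-known registry locations: the Defender Real-Time Protection policy values, the Run/RunOnce autostart keys, the Geo key the country-code lookup reads, and the Uninstall keys used for software enumeration. The following PowerShell triage script is an added example, not part of the report; it checks a Windows host for those artefacts. The key paths are the standard Windows locations, but the report does not say which specific values or entries this sample writes, so the script reports anything suspicious rather than matching a single indicator, and the user-writable path pattern it uses to flag autostarts is an assumption of this example.

```powershell
# Added triage script (not from the report): look for the registry artefacts
# that the behaviours listed above describe. Runs as a normal user for HKCU
# paths; run elevated to read every HKLM value.

function Get-DefenderRealtimeTampering {
    # Defender real-time protection settings. Any Disable* value set to 1 means
    # a component of real-time protection has been switched off.
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection',
        'HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'Disable*' -and $p.Value -eq 1) {
                [pscustomobject]@{ Key = $key; Value = $p.Name; Data = $p.Value }
            }
        }
    }
}

function Get-SuspiciousRunEntries {
    # Run/RunOnce autostarts whose command points into user-writable locations,
    # which is where a dropped executable usually lands. The path pattern is an
    # assumption of this example; extend it for your environment.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $writable = 'AppData\\|\\Temp\\|ProgramData\\|\\Users\\Public\\|\\Downloads\\'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            if ("$($p.Value)" -match $writable) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

function Get-GeoSetting {
    # The per-user country code a geofence check reads (GeoID in Nation; the
    # Name value holds the ISO code on newer Windows builds).
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{ Nation = $geo.Nation; Name = $geo.Name }
}

function Get-InstalledSoftwareSummary {
    # The same Uninstall keys the sample enumerates; shows what it could learn
    # about the host (security products, wallets, browsers, ...).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName -Unique
}

'== Defender real-time protection values set to disabled =='
Get-DefenderRealtimeTampering | Format-Table -AutoSize
'== Run/RunOnce entries pointing at user-writable paths =='
Get-SuspiciousRunEntries | Format-Table -AutoSize
'== Geo setting a country-code check would read =='
Get-GeoSetting
'== Software visible through the Uninstall keys (first 20) =='
Get-InstalledSoftwareSummary | Select-Object -First 20 | Format-Table -AutoSize
```

An empty result from the first two functions does not clear the host: the report does not name the values this sample writes, so a real investigation should still diff the Run and Defender keys against a known-good baseline, and the Geo and Uninstall listings are context for what the sample would have seen rather than indicators of compromise.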

MITRE ATT&CK Enterprise v6

Tasks