General

  • Target

    52ecf709f2722ff17b25835d369332b1ae2de135a45c7eb92a6c323f50701e9f

  • Size

    563KB

  • Sample

    230423-3a9pcsge37

  • MD5

    3ef9cc3de64f8370c213687aa23d71b9

  • SHA1

    51655d78e6be40e01df8258f01d710cc81d033ae

  • SHA256

    52ecf709f2722ff17b25835d369332b1ae2de135a45c7eb92a6c323f50701e9f

  • SHA512

    e1bd97f4a1570ef7db8a1cd5b81d393759aee5b030a06a6b83c7e202b1e0d845f11154192439d8731c238bf0302eb86d7946d41ae0eacebc6a97a25c65d098db

  • SSDEEP

    12288:2y90Fqoah4AAyTcnBQrIq9z50tpzqMraJQVtYg1F/:2ySqoa7BTcnB+FitpWkUQMWF/

Malware Config

Targets

    • Target

      52ecf709f2722ff17b25835d369332b1ae2de135a45c7eb92a6c323f50701e9f

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser profile data, which can include saved credentials, cookies and session tokens, autofill entries and browsing history.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU and WOW6432Node counterparts) to enumerate the software installed on the system.
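
Of the behaviours listed above, the two registry writes (disabling Defender real-time protection and adding a Run key autostart) are the easiest for a responder to confirm from endpoint telemetry. The Python below is an added example, not code from the sandbox report or from the sample: it runs two detection rules over Sysmon-style "registry value set" events (Event ID 13). The event lines, file paths and SID are constructed for illustration; the registry paths are real, and the ATT&CK technique IDs use the current sub-technique numbering rather than the Enterprise v6 numbering the report header refers to. The Uninstall-key enumeration is left out because Sysmon does not record registry reads.

```python
"""Detection rules for Defender real-time protection tampering and Run-key
persistence, applied to Sysmon Event ID 13 (registry value set) records.

Added example; not part of the sandbox report. Sample events are constructed.
"""
import json
import re

# Constructed Sysmon EID 13 events as JSON lines (paths and SID are made up).
SAMPLE_JSONL = r"""
{"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe", "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"}
{"EventID": 13, "Image": "C:\\Program Files\\Vendor\\Setup.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray", "Details": "C:\\Program Files\\Vendor\\tray.exe"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\BITS\\Start", "Details": "DWORD (0x00000002)"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "Details": "DWORD (0x00000000)"}
"""

# Values under "Real-Time Protection" that switch protection off when set to 1.
# Matches both the Group Policy key (...\Policies\Microsoft\Windows Defender\...)
# and the product key (...\Microsoft\Windows Defender\...).
RTP_DISABLE_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableIOAVProtection"
    r"|DisableOnAccessProtection|DisableScanOnRealtimeEnable)$",
    re.IGNORECASE,
)
# Sysmon renders DWORD data as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.IGNORECASE)
# Run / RunOnce autostart values under HKLM or any HKU\<SID> hive.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Directories any interactive user can write to; an autostart pointing here
# (or written from here) is far more suspicious than one under Program Files.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)


def parse_events(jsonl_text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in jsonl_text.splitlines() if line.strip()]


def dword_value(details):
    """Return the integer behind a Sysmon DWORD rendering, or None if not a DWORD."""
    m = DWORD_RE.search(details or "")
    return int(m.group(1), 16) if m else None


def _finding(rule, technique, severity, ev):
    return {"rule": rule, "technique": technique, "severity": severity,
            "image": ev.get("Image", ""), "target": ev.get("TargetObject", ""),
            "details": ev.get("Details", "")}


def check_defender_tamper(ev):
    """Flag a Real-Time Protection Disable* value being set to 1."""
    if ev.get("EventID") != 13 or not RTP_DISABLE_RE.search(ev.get("TargetObject", "")):
        return None
    if dword_value(ev.get("Details")) != 1:
        return None  # setting the value to 0 re-enables protection; not tampering
    return _finding("defender_rtp_disabled", "T1562.001", "high", ev)


def check_run_key(ev):
    """Flag every Run/RunOnce write; raise severity when user-writable paths are involved."""
    if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    suspicious = (USER_WRITABLE_RE.search(ev.get("Details", ""))
                  or USER_WRITABLE_RE.search(ev.get("Image", "")))
    return _finding("run_key_persistence", "T1547.001", "high" if suspicious else "low", ev)


def triage(events):
    """Apply both rules to each event, in input order; return the list of findings."""
    findings = []
    for ev in events:
        for check in (check_defender_tamper, check_run_key):
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE_JSONL)):
        print(f"[{f['severity']:4}] {f['rule']} ({f['technique']}): "
              f"{f['image']} -> {f['target']} = {f['details']}")
```

Run it directly to print findings for the embedded events, or call `triage(parse_events(text))` on a JSON-lines export from a SIEM that carries the Image, TargetObject and Details fields. The Run-key rule deliberately fires at low severity on every autostart write and only escalates when the launched binary or the writing process lives in a user-writable directory, which is what separates the dropped executable in the constructed data from the vendor installer; the Defender rule ignores writes that set the value back to 0 so that remediation does not re-trigger it.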

MITRE ATT&CK Enterprise v6

Tasks