General

  • Target

    86a2341a9ec50d77dadbeb16afc9024cf65d23cbf8b6f0ab4966f82544716cdb

  • Size

    704KB

  • Sample

    230423-3ajg6sge35

  • MD5

    7b53d14db541567bcad2443ff676405a

  • SHA1

    b98e55aebdbcd98f7c1dd0caed29e7f3bbd1d228

  • SHA256

    86a2341a9ec50d77dadbeb16afc9024cf65d23cbf8b6f0ab4966f82544716cdb

  • SHA512

    7c61d59a42cb099cb4df8853dfafc51e5716131bfc3edd7e5bd5059f6c7742228a5c0fbc383702f42660c9753c5839ef0bdb7ace985ed8daba69bd277df85336

  • SSDEEP

    12288:Ky9062UT0U39uggoiKza4ya1TXOjDGvDMl2RFamlSCSPxII1UzCxDIzPMhh/Kozo:KyRD0U39ngKxyiTNvLbfSp1AsDIzOJoD

Malware Config

Targets

    • Target

      86a2341a9ec50d77dadbeb16afc9024cf65d23cbf8b6f0ab4966f82544716cdb

    • Size

      704KB

    • MD5

      7b53d14db541567bcad2443ff676405a

    • SHA1

      b98e55aebdbcd98f7c1dd0caed29e7f3bbd1d228

    • SHA256

      86a2341a9ec50d77dadbeb16afc9024cf65d23cbf8b6f0ab4966f82544716cdb

    • SHA512

      7c61d59a42cb099cb4df8853dfafc51e5716131bfc3edd7e5bd5059f6c7742228a5c0fbc383702f42660c9753c5839ef0bdb7ace985ed8daba69bd277df85336

    • SSDEEP

      12288:Ky9062UT0U39uggoiKza4ya1TXOjDGvDMl2RFamlSCSPxII1UzCxDIzPMhh/Kozo:KyRD0U39ngKxyiTNvLbfSp1AsDIzOJoD

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks