General

  • Target

    e832a3779dbc08eb16c7a898a7cdb68ed9c7df3fe3da55dd45f6aac2bcd250fc

  • Size

    1.2MB

  • Sample

    230423-3bfsnsaa6y

  • MD5

    3de0e7aa3ab9e73372b39215a2a11d22

  • SHA1

    83765c5c123fdb4a5d7f44604fcd174ed67366b0

  • SHA256

    e832a3779dbc08eb16c7a898a7cdb68ed9c7df3fe3da55dd45f6aac2bcd250fc

  • SHA512

    24ab0d27dca1550a55dfd45dd6fd99c5f6b3a3993c66be424e361efd36c2f9a43a5d94919045c11446652405a0e0eb4105764673e1b48ec53e8e3735ed5a922c

  • SSDEEP

    24576:eu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:T0+BshUC1VzUjjPP0/

Malware Config

Targets

    • Target

      e832a3779dbc08eb16c7a898a7cdb68ed9c7df3fe3da55dd45f6aac2bcd250fc

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks