General

  • Target

    53a085297b6f55dbc2a3871cfbbc091c5e4bd7ef2e089a5b7265576b653b0d35

  • Size

    704KB

  • Sample

    230423-3bhl9sge38

  • MD5

    06d37226128e188b20812c85ad33ffea

  • SHA1

    bd433148a0a2062571ddbcf66549c75135c43d24

  • SHA256

    53a085297b6f55dbc2a3871cfbbc091c5e4bd7ef2e089a5b7265576b653b0d35

  • SHA512

    1d87a53115275190ec6604fe03fc3d0dbe7f8d981063b363b6775a6ffb663367c3fbfb1e80c45c519061d603ffbf9ebf2b99a1b314fdffb975c7ae59b2771a0a

  • SSDEEP

    12288:iy90FLu1CLZYGS37kQT98eG2DmBIAt33cNI1qzCS6IzyMqT/KsuZA1:iyn10+1AQB8X2OIc3cUC76ImNvuZA1

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks