General

  • Target

    8c953b1ac910fa0c987e6401777b1a4b28f71ef0bcad0e584b7b87b6e7ce97eb

  • Size

    563KB

  • Sample

    230423-3c9r5saa7x

  • MD5

    3ec6fc39370500c213dbec63de2a31e3

  • SHA1

    a51563f89a5410075dc714ed88b5f8793eaffec2

  • SHA256

    8c953b1ac910fa0c987e6401777b1a4b28f71ef0bcad0e584b7b87b6e7ce97eb

  • SHA512

    61df33a8f4ec650096163deeacb36c09036de9e14d565bd5f5803a1f2066e897f947dd685207282aed62c0666a15b958b0b90a5970babeb840e77c42bd87dfa8

  • SSDEEP

    12288:Cy90DpfzeqN8SvfDNJLLh8IUDzF03pzcMR/tPpl0uA1mPJ:Cy4pfVN8SvfHlov+3pQa/dITYPJ

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks