General

  • Target

    f22b0805c2ac2068ffce3a6857dad8af694c71d68bbda083e44b502d2431ccc6

  • Size

    564KB

  • Sample

    230423-3cnvnsge44

  • MD5

    57791897b12cf9020cfb36e9ee40c7eb

  • SHA1

    01d273f3ead1f4583228bbeffb14e79fc3437921

  • SHA256

    f22b0805c2ac2068ffce3a6857dad8af694c71d68bbda083e44b502d2431ccc6

  • SHA512

    1d74572c2e59917e3e30c71509f008d89fd672b27ba89f385df16abd4c34d1b922544fb2f36b2a00511a5ef18c89c06904ef6640cfa905d4f84fbf2d44ff9f2e

  • SSDEEP

    12288:Jy90SSKLokU3RbY2sI6Tzq03rVnMit2jkToIuTi:JydJMRbYPfl3rJBt2jyoIu+

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6