General

  • Target

    99d838c9f13bb346126f3a8e38d0e0c89ec3dc7e7cb319204602d878e9188a8f

  • Size

    704KB

  • Sample

    230423-3cstmage45

  • MD5

    925125548f2eda3186c40d9be8363e82

  • SHA1

    c08a1ad25dfc025833e423c259a43100cd048530

  • SHA256

    99d838c9f13bb346126f3a8e38d0e0c89ec3dc7e7cb319204602d878e9188a8f

  • SHA512

    53a10542f72f35fd07fc3eb1cb72f4c9c0d243d8571dfeb93f9b9b9449dee8562a2f9b5160e5f553260de052b96bf46dbcb079dae9d42489af103c295fac558b

  • SSDEEP

    12288:Vy90Ji8WUjG+NqO+qLqoYhrTbJ2G7DzKPd6AU68A7hsI19zCSsIzMMAj/KuMWB/L:Vyui8b5qKrmrZv7H4d6F68ALFvsIQ3DX

Targets

    • Modifies Windows Defender Real-time Protection settings

      Writes to the Real-Time Protection registry keys that control on-access scanning (for example DisableRealtimeMonitoring), a common first step to keep a dropped payload from being scanned.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data such as saved credentials, cookies and autofill entries; this behaviour is a strong indicator when it comes from a process outside the browser itself.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Reads wallet files or directories belonging to desktop cryptocurrency clients.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the program is launched again at user logon (persistence).

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
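
The behaviours listed above are what an analyst would turn into triage rules when going through an API or registry trace of this sample. The script below is an added example, not part of this report or of the sandbox that produced it: it runs a small set of rules over a constructed event list (dicts with op, proc, path and value, a stand-in for a real trace) and maps matches back to the report's signature names. The registry paths and file names are the well-known locations these behaviours rely on; the event format, the process names and the threshold for "enumerates installed software" are assumptions made for the example.

```python
"""Map trace events to the behaviour signatures in the report (added example)."""
import re
from collections import defaultdict

# Constructed sample events; not telemetry from the analysed sample.
SAMPLE_EVENTS = [
    {"op": "RegSetValue", "proc": "update.exe",
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "value": "1"},
    {"op": "RegSetValue", "proc": "update.exe",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\victim\AppData\Roaming\update.exe"},
    {"op": "RegEnumKey", "proc": "update.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", "value": ""},
    {"op": "RegEnumKey", "proc": "update.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++", "value": ""},
    {"op": "RegEnumKey", "proc": "update.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC", "value": ""},
    {"op": "FileRead", "proc": "update.exe",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data", "value": ""},
    {"op": "FileRead", "proc": "update.exe",
     "path": r"C:\Users\victim\AppData\Roaming\Bitcoin\wallet.dat", "value": ""},
    # Benign noise: an installer registering its own autorun from Program Files,
    # and Explorer writing an unrelated preference.
    {"op": "RegSetValue", "proc": "setup.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\App",
     "value": r"C:\Program Files\App\app.exe"},
    {"op": "RegSetValue", "proc": "explorer.exe",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "value": "1"},
]

# Patterns anchor on the tail of the key so both the policy hive
# (HKLM\SOFTWARE\Policies\...) and the product hive (HKLM\SOFTWARE\Microsoft\...) match.
DEFENDER_RT = re.compile(r"\\Windows Defender\\Real-Time Protection\\(Disable\w+)$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
UNINSTALL = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\[^\\]+$", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.I)
# Lower-cased substrings of well-known browser credential stores and wallet files.
BROWSER_FILES = ("\\login data", "\\cookies", "\\web data", "\\logins.json", "\\key4.db")
WALLET_FILES = ("\\wallet.dat", "\\exodus\\", "\\electrum\\")


def match_behaviours(events, uninstall_threshold=3):
    """Return {signature name: [evidence, ...]} for the events that fire a rule."""
    hits = defaultdict(list)
    uninstall_seen = defaultdict(set)  # proc -> distinct Uninstall subkeys touched
    for ev in events:
        op, proc, path, value = ev["op"], ev["proc"], ev["path"], ev["value"]
        low = path.lower()
        if op == "RegSetValue":
            m = DEFENDER_RT.search(path)
            if m and value.strip() == "1":
                hits["Modifies Windows Defender Real-time Protection settings"].append(
                    f"{proc}: {m.group(1)}=1")
            if RUN_KEY.search(path):
                # An autorun pointing into a user-writable directory is the
                # suspicious variant; installers usually point at Program Files.
                sev = "user-writable autorun target" if USER_WRITABLE.search(value) else "autorun target"
                hits["Adds Run key to start application"].append(f"{proc}: {path} -> {value} ({sev})")
        elif op in ("RegEnumKey", "RegOpenKey", "RegQueryValue") and UNINSTALL.search(path):
            uninstall_seen[proc].add(path.rsplit("\\", 1)[1])
        elif op == "FileRead":
            if any(s in low for s in BROWSER_FILES):
                hits["Reads user/profile data of web browsers"].append(f"{proc}: {path}")
            if any(s in low for s in WALLET_FILES):
                hits["Accesses cryptocurrency files/wallets"].append(f"{proc}: {path}")
    # One Uninstall lookup is normal; walking several entries is enumeration.
    for proc, keys in uninstall_seen.items():
        if len(keys) >= uninstall_threshold:
            hits["Checks installed software on the system"].append(
                f"{proc}: enumerated {len(keys)} Uninstall entries")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_behaviours(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The Run-key rule deliberately fires on the benign installer too, as the sandbox signature would; the evidence string carries the user-writable flag so an analyst can sort the hits rather than suppress them. The Uninstall rule counts distinct subkeys per process, since a single lookup of one product is routine while a sweep over the whole key is the enumeration the report describes.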
