General

  • Target

    4bad0f6f60b2a2fdb54f41ef09c851f95410d1357101257b831c433619972c69

  • Size

    704KB

  • Sample

    230423-3dsj9aaa7z

  • MD5

    23dce32add1e9bc2d648a2053b4238b4

  • SHA1

    1e761aa5f4302232fd843d1a80a4ed6b0b71a7e7

  • SHA256

    4bad0f6f60b2a2fdb54f41ef09c851f95410d1357101257b831c433619972c69

  • SHA512

    3efeae105748388d2c52dc1ca88b35fcda7c0d18a5f14821863ecabfb58fe27171d475d7723cc7ec95525764af35ab0f524f3d403dd5e1c703dd7b70d9c2a152

  • SSDEEP

    12288:Cy90LIq8etI1/AVisY/Viv9JKwRCBqr/4II1UzCD0IzoMAG/hNac6g51:Cybq8et7g/VL+9/gAi0Ik3Wzz51

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks