General

  • Target

    63a9f2391fe2a8492c73b7b3211446f77269cbaa9f8f487eefbeb01ad244280e

  • Size

    1.2MB

  • Sample

    230423-3dwxnsge49

  • MD5

    5d1d86c6f9be988adab37fbf13433a35

  • SHA1

    c39fc43d0a1af7c6e40d5ea9b22a325f25dc5445

  • SHA256

    63a9f2391fe2a8492c73b7b3211446f77269cbaa9f8f487eefbeb01ad244280e

  • SHA512

    0684dac2dadd477c9f69743fb8c2dd6e50cae37275cd5de574cdf42b9bb7477b87ab94267696ddbc6231c1542db925111a964630222e9e90ce8f1caed5a5c218

  • SSDEEP

    24576:3u0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:+0+BshUC1VzUjjPP0/

Malware Config

Targets

    • Target

      63a9f2391fe2a8492c73b7b3211446f77269cbaa9f8f487eefbeb01ad244280e

    • Size

      1.2MB

    • MD5

      5d1d86c6f9be988adab37fbf13433a35

    • SHA1

      c39fc43d0a1af7c6e40d5ea9b22a325f25dc5445

    • SHA256

      63a9f2391fe2a8492c73b7b3211446f77269cbaa9f8f487eefbeb01ad244280e

    • SHA512

      0684dac2dadd477c9f69743fb8c2dd6e50cae37275cd5de574cdf42b9bb7477b87ab94267696ddbc6231c1542db925111a964630222e9e90ce8f1caed5a5c218

    • SSDEEP

      24576:3u0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:+0+BshUC1VzUjjPP0/

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and form autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the Wow6432Node and HKCU equivalents) to build a list of installed software on the system.
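The two registry-based behaviours in the list above (Defender real-time protection tampering and Run-key persistence) are the ones a detection engineer can pick up directly from Sysmon Event ID 13 (RegistryEvent: value set) telemetry. The following is an added example of that detection logic; it is not part of the sandbox report, and the events it runs over are constructed to mirror the report's signatures, not telemetry captured from this sample. Field names (EventID, Image, TargetObject, Details) follow Sysmon's schema; the value names under Real-Time Protection are the documented Defender policy values.

```python
"""Map Sysmon EID 13 (registry value set) events onto two of the report's
behaviour signatures.  Added example, not part of the sandbox report."""
import re
from typing import Optional

# Defender real-time protection values whose non-zero write disables the
# feature.  Both the GPO branch (Policies\...) and the product's own state
# branch (Microsoft\Windows Defender\...) are covered.
DEFENDER_RTP_RE = re.compile(
    r"\\(Policies\\Microsoft\\Windows Defender|Microsoft\\Windows Defender)"
    r"\\Real-Time Protection\\(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableOnAccessProtection|DisableScanOnRealtimeEnable|DisableIOAVProtection)$",
    re.IGNORECASE,
)

# Autostart value written under the Run / RunOnce keys (HKLM or a user hive).
# The trailing component is the value name the sample chose.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)

# Sysmon renders DWORD data as 'DWORD (0x00000001)'.
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-fA-F]+)\)")


def classify_registry_event(target_object: str, details: str) -> Optional[str]:
    """Return the matching report signature name for one value-set event, or None."""
    if DEFENDER_RTP_RE.search(target_object):
        m = DWORD_RE.search(details)
        # A write of 0 re-enables protection; only a non-zero write is tampering.
        if m and int(m.group(1), 16) != 0:
            return "Modifies Windows Defender Real-time Protection settings"
        return None
    if RUN_KEY_RE.search(target_object):
        return "Adds Run key to start application"
    return None


def scan_events(events):
    """Run the classifier over a list of Sysmon event dicts.

    Returns (Image, TargetObject, signature) tuples for every hit, in order.
    Only EventID 13 carries value data; 12 (key create/delete) is ignored.
    """
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        sig = classify_registry_event(ev["TargetObject"], ev.get("Details", ""))
        if sig:
            hits.append((ev["Image"], ev["TargetObject"], sig))
    return hits


# Constructed events (not captured from this sample).  The SID and paths are
# placeholders chosen for the example.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\Admin\AppData\Local\Temp\tmp1.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\Admin\AppData\Local\Temp\tmp1.exe",
     "TargetObject": r"HKU\S-1-5-21-1234-5678-9012-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "Details": r"C:\Users\Admin\AppData\Roaming\svc.exe"},
    # Benign: Explorer's RunMRU lives under ...\CurrentVersion\Explorer\, not the Run key.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1234-5678-9012-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
     "Details": "notepad\\1"},
    # Benign: Defender itself writing 0 (protection re-enabled).
    {"EventID": 13, "Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # Key creation carries no value data and is skipped.
    {"EventID": 12, "Image": r"C:\Users\Admin\AppData\Local\Temp\tmp1.exe",
     "TargetObject": r"HKU\S-1-5-21-1234-5678-9012-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for image, target, sig in scan_events(SAMPLE_EVENTS):
        print(f"{sig}: {image} -> {target}")
```

The remaining signatures in the list (enumerating Uninstall keys, reading browser profile files, accessing wallet files) are read operations; Sysmon records registry key creation and value writes but not reads, so those need a different source such as ETW registry/file tracing or the sandbox's own API hooking, which is where the report's observations come from.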

MITRE ATT&CK Enterprise v6

Tasks