General

  • Target

    84c1c51648bc5ab8b864d1a3f4fea11d3ada69099aef36a526c18ed0f6ca21f3

  • Size

    564KB

  • Sample

    230423-3dzcssaa71

  • MD5

    e4999c7e4a6426eefffaffc0e6fcb20d

  • SHA1

    c1fac65f4c2ebd67d6b7b8f400a3202e82741a99

  • SHA256

    84c1c51648bc5ab8b864d1a3f4fea11d3ada69099aef36a526c18ed0f6ca21f3

  • SHA512

    6c3ec4d8bbc255c84dceafd121752e7994b9777d871c288498043cf8282605d9f1db6193469c8a7a0d67bf24b8689bc2f62780c320e2b2a74a63d3cc4ce5fc4c

  • SSDEEP

    12288:xy90s7lRYeuxm2jVO5IWNz502FzMMjtgUQCdY:xyDcxjc1i2FIYtrQKY

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
