General

  • Target

    fbe8dd8a37761e1a5dfd76fed51072c8f33ec60094ee688f7a217a328815a0a1

  • Size

    704KB

  • Sample

    230423-3e253sge52

  • MD5

    d9285d12dfd1ed93baa265947a85f1b0

  • SHA1

    2a511a1e1500a44b700911831c643b401307686c

  • SHA256

    fbe8dd8a37761e1a5dfd76fed51072c8f33ec60094ee688f7a217a328815a0a1

  • SHA512

    4c0a060a8f5944c761fa8744242bcc6ef42f1ef966f27c6056b332279ff2aeaca6870cad3df8e131d45b2632349788e8eb87ceefe2838a6bef43adb52f38b171

  • SSDEEP

    12288:Hy90EExkE65ioaxyTtGMDz0zFamb5AR1GI1gzCBrIzPM5K/K/3yU7:HyziZgwMIRm1vMMrIzG77

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks