General

  • Target

    02a0ca2757fe4c921e72420dd1ee2a7b7bb19fd2d24729e7ef58a7a3d68f41ff

  • Size

    563KB

  • Sample

    230423-3e33dage53

  • MD5

    403c2c980a1b1ecd586af5a452fd427b

  • SHA1

    9d397bbe18fe30c8ebd2bcb895d912e05f4d9899

  • SHA256

    02a0ca2757fe4c921e72420dd1ee2a7b7bb19fd2d24729e7ef58a7a3d68f41ff

  • SHA512

    2d96b601bc3e4fb1feb0fbca921fac1cd6d5d4dd0a6e9ad59dd1b345c19b897a6178a6bedc7481bf63cd65227698551a025c8caba69c22d80365b91553a2c70d

  • SSDEEP

    12288:8y90CqKAXFg+FOCt8rePzIFHzm0CWznM+Bk/WQe4koL:8yPNA1g4JmreeTRCWjFO/9Jkm

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks