General

  • Target

    14e1301d16e60f7c7a71e6d5a064f62baf14da25447af4801ef5b1b2f93b0f65

  • Size

    704KB

  • Sample

    230423-3eckesaa8v

  • MD5

    82f7664bf594485c27b742c5c97a88a8

  • SHA1

    e4780ce2c37178c92b46afc3b4897aec3e76a020

  • SHA256

    14e1301d16e60f7c7a71e6d5a064f62baf14da25447af4801ef5b1b2f93b0f65

  • SHA512

    80123b23586f9f76a6dd356d2f424b5762dbdd90827652d967de2038951183b91bb138df5a989d4ae5240305dd3cdae91b59383a3277acbe50b8087932a577a6

  • SSDEEP

    12288:Fy90F57tfv+PsVoj+nJITDkRKGuDmB06dGMdULuBhFMDjI1GzC31Iz8MQ1/KCste:FyMINj+nJIsRzuO06AjuTFMDOua1I4fZ
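The hashes above are the identity of the sample; the target name is simply its SHA256. Before analysing a file that is supposed to be this sample, confirm that its digests match the report. The following check is an added example, not part of the sandbox report: the REPORT values are copied from the General section, the file path is an assumption, and ssdeep is left out because it is a fuzzy hash that needs the separate ssdeep library rather than hashlib.

```python
"""Verify that a file on disk is the sample this report describes.
Added example; expected values are copied from the report's General section."""
import hashlib
import os
import sys
from typing import Dict

# Digests as listed in the report.  SHA256 is the canonical identifier (it is
# also the target name); MD5 and SHA1 are kept for matching older threat feeds.
REPORT: Dict[str, str] = {
    "md5": "82f7664bf594485c27b742c5c97a88a8",
    "sha1": "e4780ce2c37178c92b46afc3b4897aec3e76a020",
    "sha256": "14e1301d16e60f7c7a71e6d5a064f62baf14da25447af4801ef5b1b2f93b0f65",
    "sha512": ("80123b23586f9f76a6dd356d2f424b5762dbdd90827652d967de2038951183b9"
               "1bb138df5a989d4ae5240305dd3cdae91b59383a3277acbe50b8087932a577a6"),
}
REPORT_SIZE_KB = 704  # as reported; the report rounds to whole KB


def fingerprint(data: bytes) -> Dict[str, str]:
    """Compute the four cryptographic hashes the report lists (lower-case hex)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify(data: bytes, expected: Dict[str, str]) -> Dict[str, str]:
    """Return {hash name: actual value} for every expected digest that does NOT
    match.  An empty dict means the bytes are the reported sample.  Expected
    values are normalised to lower case so upper-case feeds still compare."""
    actual = fingerprint(data)
    return {name: actual[name]
            for name, want in expected.items()
            if name in actual and actual[name] != want.strip().lower()}


def size_matches(num_bytes: int, reported_kb: int = REPORT_SIZE_KB) -> bool:
    """Size is only a sanity check: the report gives it rounded to KB, so
    accept anything that rounds to the reported value."""
    return round(num_bytes / 1024) == reported_kb


if __name__ == "__main__":
    # Path is an assumption; pass the real sample location on the command line.
    path = sys.argv[1] if len(sys.argv) > 1 else "sample.bin"
    with open(path, "rb") as fh:
        blob = fh.read()
    mismatches = verify(blob, REPORT)
    print("size ok:", size_matches(os.path.getsize(path)))
    if mismatches:
        for name, value in mismatches.items():
            print(f"{name} MISMATCH: got {value}")
        sys.exit(1)
    print("all digests match the report")
```

Match on SHA256 when you only have room for one value; an MD5-only match is weak evidence because MD5 collisions are cheap to produce.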

Malware Config

Targets

    • Target

      14e1301d16e60f7c7a71e6d5a064f62baf14da25447af4801ef5b1b2f93b0f65

    • Size

      704KB

    • MD5

      82f7664bf594485c27b742c5c97a88a8

    • SHA1

      e4780ce2c37178c92b46afc3b4897aec3e76a020

    • SHA256

      14e1301d16e60f7c7a71e6d5a064f62baf14da25447af4801ef5b1b2f93b0f65

    • SHA512

      80123b23586f9f76a6dd356d2f424b5762dbdd90827652d967de2038951183b91bb138df5a989d4ae5240305dd3cdae91b59383a3277acbe50b8087932a577a6

    • SSDEEP

      12288:Fy90F57tfv+PsVoj+nJITDkRKGuDmB06dGMdULuBhFMDjI1GzC31Iz8MQ1/KCste:FyMINj+nJIsRzuO06AjuTFMDOua1I4fZ

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
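The signatures above are derived from the sample's registry and file activity. The rules below show how those behaviours map onto concrete event paths, so that the same logic can be run over a trace from another sandbox or from endpoint telemetry. This is an added example and not the sandbox's own signature code: the events are constructed in the shape a sandbox or Sysmon-style trace would give, the Defender, Run and Uninstall registry paths are the standard Windows locations for those behaviours, and the browser and wallet file names are common targets rather than paths the report states this sample touched.

```python
"""Map registry/file events to the behavioural signatures in this report.
Added example; the events below are constructed, not from the sandbox run."""
import re
from typing import Dict, Iterable, List, Pattern, Set, Tuple

# (signature name, event types it applies to, regex over the target path).
# Registry paths are the standard Windows locations for each behaviour.  The
# browser/wallet file names are common infostealer targets and are an
# assumption about what this sample reads, not taken from the report.
RULES: List[Tuple[str, Set[str], Pattern[str]]] = [
    ("Modifies Windows Defender Real-time Protection settings",
     {"RegistryValueSet"},
     re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)),
    ("Adds Run key to start application",
     {"RegistryValueSet"},   # a *write* to Run; reading it is not persistence
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Checks installed software on the system",
     {"RegistryKeyOpen", "RegistryValueQuery"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    ("Reads user/profile data of web browsers",
     {"FileRead"},
     re.compile(r"\\Google\\Chrome\\User Data\\.*\\(Login Data|Cookies)$"
                r"|\\Mozilla\\Firefox\\Profiles\\.*\\logins\.json$", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     {"FileRead"},
     re.compile(r"\\(Electrum\\wallets|Exodus\\exodus\.wallet)\\", re.I)),
]


def classify(events: Iterable[Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {signature name: [matching target paths]}.  Events that trigger
    no rule are ignored; an event may trigger several rules."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        for name, kinds, pattern in RULES:
            if ev["type"] in kinds and pattern.search(ev["target"]):
                hits.setdefault(name, []).append(ev["target"])
    return hits


# Constructed trace in the shape a sandbox would emit (type, target, details).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "RegistryValueSet",
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000001)"},
    {"type": "RegistryValueSet",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"type": "RegistryKeyOpen",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000000}",
     "details": ""},
    {"type": "FileRead",
     "target": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data",
     "details": ""},
    {"type": "FileRead",
     "target": r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet",
     "details": ""},
    # Benign: an Explorer setting, should match nothing.
    {"type": "RegistryValueSet",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for name, targets in classify(SAMPLE_EVENTS).items():
        print(name)
        for t in targets:
            print("   ", t)
```

The Run rule deliberately fires only on value writes: software that merely enumerates Run entries (including the Uninstall walk this sample performs) should not be reported as installing persistence. The Defender rule keys on the Real-Time Protection subkey under both the Policies and the product's own hive, since the path fragment is identical in both.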

MITRE ATT&CK Enterprise v6

Tasks