General

  • Target

    de370282aac54c04e455aa64868b325afa86d158b0b798e6fa5dedbd44a010c0

  • Size

    704KB

  • Sample

    230423-3f5btsge54

  • MD5

    ddd94e15ef073deb346bce7535a260ca

  • SHA1

    8e5c8f199700b4cf977f318301138f7c31df1d92

  • SHA256

    de370282aac54c04e455aa64868b325afa86d158b0b798e6fa5dedbd44a010c0

  • SHA512

    506a24c30045efc17d50d8b683795fddebee07551be6ca3a860c9ee4ad37754705d118e220ccfa163f6af9d8bd939cc7449d9dcbb2c695b6af257b2e9ef0c0ae

  • SSDEEP

    12288:3y900THR0PRKyvVETTA6cFGlDmBs+LEgv5I16zCQSIzVMC+/KKuoH8:3yhbu/vV8pcUlOs+oXytSIBJAuE8

Malware Config

Targets

    • Target

      de370282aac54c04e455aa64868b325afa86d158b0b798e6fa5dedbd44a010c0

    • Size

      704KB

    • MD5

      ddd94e15ef073deb346bce7535a260ca

    • SHA1

      8e5c8f199700b4cf977f318301138f7c31df1d92

    • SHA256

      de370282aac54c04e455aa64868b325afa86d158b0b798e6fa5dedbd44a010c0

    • SHA512

      506a24c30045efc17d50d8b683795fddebee07551be6ca3a860c9ee4ad37754705d118e220ccfa163f6af9d8bd939cc7449d9dcbb2c695b6af257b2e9ef0c0ae

    • SSDEEP

      12288:3y900THR0PRKyvVETTA6cFGlDmBs+LEgv5I16zCQSIzVMC+/KKuoH8:3yhbu/vV8pcUlOs+oXytSIBJAuE8

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks