General

  • Target

    e890c8cdec785836a310b37edcdb56b79e2bf1134aa03ba18aa13262c0c1856d

  • Size

    564KB

  • Sample

    230423-3fljqaaa81

  • MD5

    36b984f1fd35e4a3e4766b9660b91275

  • SHA1

    31611a53373897fb83e10b0f99baaa74d12ddd6b

  • SHA256

    e890c8cdec785836a310b37edcdb56b79e2bf1134aa03ba18aa13262c0c1856d

  • SHA512

    ac088e355d85bfd53ba515d7a6c48ebd34acbdd72abd66813e61b9b6c28eb38f6e63f33271515e6ac0ff89fd602c65854584b3cce9170ef19e552c5f41c6f573

  • SSDEEP

    12288:1y90UvelSA/27ZCytZ+fsZLBIzGz70df6nMVNe6IjujJbO42:1yqlVUWf7u4dfG6NPIjutu

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks