General

  • Target

    3a25ccdb496d1cd6ad2c4a1a8a18d511c48c82ce16ac02559df02e5c2d1e8b29

  • Size

    704KB

  • Sample

    230423-3gjfraaa9v

  • MD5

    16c88687c1fe03941c0ef2df4e1ec4e5

  • SHA1

    bdf860a875280b53df61e40733bf94258b3ae7cd

  • SHA256

    3a25ccdb496d1cd6ad2c4a1a8a18d511c48c82ce16ac02559df02e5c2d1e8b29

  • SHA512

    6ad2b8afab8aa3461fddbdde9fcf50193ff2bfd749c300a648ad7702e45781cac87696f7663ec9668126dd9d9932385e469c70bc43acf7c4a6e1663b09fba944

  • SSDEEP

    12288:3y90UUF5WgC0of4i4acwl/Fc1T2E827hoDtcI15zCEAIzQMiv/KCanlegEn2:3y7vgC0orTldc1T827hybB1AIEFAng2

Targets

    • Target

      3a25ccdb496d1cd6ad2c4a1a8a18d511c48c82ce16ac02559df02e5c2d1e8b29

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
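
The behaviours listed above are what a detection engineer wants to recognise in host telemetry. The following is an added example written for this page, not code from the sandbox or its vendor: it replays a simplified, constructed API trace (tab-separated key=value fields; every path, registry key and pid is invented) and maps the events onto six of the signatures named in the report. The signature names are the report's; the trace format, the path regexes, the dropped-then-executed EXE tracking and the threshold for Uninstall-key enumeration are this example's own assumptions.

```python
"""
Added example (not from the sandbox report or its vendor): a small offline
detector that replays a simplified API trace and maps it onto the behaviours
listed in the report. The trace format (tab-separated key=value fields) and
every path, key name and pid in SAMPLE_TRACE are constructed for this example.
"""
import re
from collections import defaultdict

# Constructed trace: a downloaded binary drops a second EXE and runs it; the
# child sets Run-key persistence, disables Defender real-time protection,
# enumerates installed software and reads browser and wallet files.
SAMPLE_TRACE = (
    "pid=1204\top=WriteFile\tpath=C:\\Users\\bob\\AppData\\Local\\Temp\\svchosts.exe\n"
    "pid=1204\top=CreateProcess\tpath=C:\\Users\\bob\\AppData\\Local\\Temp\\svchosts.exe\n"
    "pid=1388\top=RegSetValue\tpath=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WinUpdate"
    "\tdata=C:\\Users\\bob\\AppData\\Local\\Temp\\svchosts.exe\n"
    "pid=1388\top=RegSetValue\tpath=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
    "\\Real-Time Protection\\DisableRealtimeMonitoring\tdata=1\n"
    "pid=1388\top=RegOpenKey\tpath=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\n"
    "pid=1388\top=RegOpenKey\tpath=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++\n"
    "pid=1388\top=ReadFile\tpath=C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data\n"
    "pid=1388\top=ReadFile\tpath=C:\\Users\\bob\\AppData\\Roaming\\Electrum\\wallets\\default_wallet\n"
    "pid=1388\top=ReadFile\tpath=C:\\Users\\bob\\Documents\\notes.txt\n"
)

# Signature name (as in the report) -> (API operation, regex over the path).
# The patterns are this example's assumptions about where the artefacts live.
PATH_RULES = {
    "Adds Run key to start application":
        ("RegSetValue", re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)),
    "Modifies Windows Defender Real-time Protection settings":
        ("RegSetValue", re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)),
    "Reads user/profile data of web browsers":
        ("ReadFile", re.compile(
            r"(\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)"
            r"|\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite))$", re.I)),
    "Accesses cryptocurrency files/wallets":
        ("ReadFile", re.compile(r"\\(Electrum|Exodus|Ethereum|Bitcoin)\\|wallet\.dat$", re.I)),
}
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)$", re.I)


def parse_trace(text):
    """Turn the tab-separated key=value trace into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        events.append(dict(field.split("=", 1) for field in line.split("\t")))
    return events


def detect(events):
    """Return {signature name: [evidence, ...]} for the behaviours observed."""
    hits = defaultdict(list)
    dropped = set()            # .exe paths written by the traced processes
    uninstall_subkeys = set()  # distinct Uninstall\<app> keys opened
    for ev in events:
        op, path = ev.get("op"), ev.get("path", "")
        if op == "WriteFile" and path.lower().endswith(".exe"):
            dropped.add(path.lower())
        elif op == "CreateProcess" and path.lower() in dropped:
            hits["Executes dropped EXE"].append(path)
        elif op == "RegOpenKey":
            m = UNINSTALL_RE.search(path)
            if m:
                uninstall_subkeys.add(m.group(1).lower())
        for name, (rule_op, pattern) in PATH_RULES.items():
            if op == rule_op and pattern.search(path):
                evidence = f"{path} -> {ev['data']}" if "data" in ev else path
                hits[name].append(evidence)
    # A single Uninstall lookup is normal for an installer; a sweep over
    # several subkeys is the enumeration behaviour the report describes.
    if len(uninstall_subkeys) >= 2:
        hits["Checks installed software on the system"].append(
            f"{len(uninstall_subkeys)} Uninstall subkeys opened")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in detect(parse_trace(SAMPLE_TRACE)).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

Run it directly to print each matched signature with its evidence. To use it on real data, convert sandbox or EDR events into the same op/path/data fields; the rules deliberately key on the value path rather than the process, so a benign file read such as the notes.txt line produces no hit.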
