General

  • Target

    a675956c0c3d14231ef64934d2ae6deaf9bcefc37c8a8902baa84099ec5ccff0

  • Size

    563KB

  • Sample

    230423-3gkc2saa9w

  • MD5

    dbaf42c89298c92c6e26b72e782bd883

  • SHA1

    1c06f01065dc9ca1625a179c7b0f0ddb4f6fbebe

  • SHA256

    a675956c0c3d14231ef64934d2ae6deaf9bcefc37c8a8902baa84099ec5ccff0

  • SHA512

    548aa836820317cde25677c95ed88f544dd943da85d7c8a5fed35b3cd5cec28315b0c994ee1e63bdb4eb41ee50b1af6764fecaf291d6b43b9fc4391b09688279

  • SSDEEP

    12288:9y90ayaf3keh0knkXQzlPhRIkRzr0BIBnM2AEe6JexR:9yYE3WilnZIBIlVALP

Malware Config

Targets

    • Target

      a675956c0c3d14231ef64934d2ae6deaf9bcefc37c8a8902baa84099ec5ccff0

    • Size

      563KB

    • MD5

      dbaf42c89298c92c6e26b72e782bd883

    • SHA1

      1c06f01065dc9ca1625a179c7b0f0ddb4f6fbebe

    • SHA256

      a675956c0c3d14231ef64934d2ae6deaf9bcefc37c8a8902baa84099ec5ccff0

    • SHA512

      548aa836820317cde25677c95ed88f544dd943da85d7c8a5fed35b3cd5cec28315b0c994ee1e63bdb4eb41ee50b1af6764fecaf291d6b43b9fc4391b09688279

    • SSDEEP

      12288:9y90ayaf3keh0knkXQzlPhRIkRzr0BIBnM2AEe6JexR:9yYE3WilnZIBIlVALP

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks