General

  • Target

    8d0cc83e4aac66f059c9a5e2b7cf22bd9786ab707d51637d623b54171cf9055a

  • Size

    704KB

  • Sample

    230423-3gq6lage58

  • MD5

    35df34f1f294c0906d3755908aa2f099

  • SHA1

    d665fc6dee6cbef3d843ea224fcfc87040122f85

  • SHA256

    8d0cc83e4aac66f059c9a5e2b7cf22bd9786ab707d51637d623b54171cf9055a

  • SHA512

    641989f458a0696a9708f1838bd01a3454d83bf7d5e36ee969a670870102cd0562b60d9005ab8f8f96a7554b9dee131fbefb9a6114adfb132467ba669371314b

  • SSDEEP

    12288:ey90UUF5WgC0of4i4acwl/Fc1T2E827hoDtcI15zCEAIzQMiv/KCanlegEn2:ey7vgC0orTldc1T827hybB1AIEFAng2
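The first thing to do with a report like this is to confirm that the file in hand is the file the report describes. The script below is an added example (editor-written, not part of the sandbox report): it carries the digests from the General section above, checks that each one is well-formed hex of the right length, and compares a local file against all four. The file path is an assumption; the report supplies only the hashes.

```python
"""Verify a local copy of the sample against the hashes in this report.

Editor-added example; not part of the sandbox report. The digest values are
copied from the report's General section. The file path and the checker
itself are ours; the report gives only the hashes.
"""
import hashlib
import sys

# Digests exactly as listed in the report for sample 230423-3gq6lage58.
REPORT_HASHES = {
    "md5": "35df34f1f294c0906d3755908aa2f099",
    "sha1": "d665fc6dee6cbef3d843ea224fcfc87040122f85",
    "sha256": "8d0cc83e4aac66f059c9a5e2b7cf22bd9786ab707d51637d623b54171cf9055a",
    "sha512": (
        "641989f458a0696a9708f1838bd01a3454d83bf7d5e36ee969a670870102cd05"
        "62b60d9005ab8f8f96a7554b9dee131fbefb9a6114adfb132467ba669371314b"
    ),
}
# Hex digest lengths; catches truncated or mangled copies of a hash before comparing.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def well_formed(expected: dict) -> bool:
    """True if every expected digest is hex of the right length for its algorithm."""
    for name, value in expected.items():
        want = DIGEST_HEX_LEN.get(name)
        if want is None or len(value) != want:
            return False
        try:
            int(value, 16)
        except ValueError:
            return False
    return True


def digest_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer, lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGEST_HEX_LEN}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream the file through all four hashers at once; never loads it whole."""
    hashers = {name: hashlib.new(name) for name in DIGEST_HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(actual: dict, expected: dict) -> dict:
    """Per-algorithm match; case-insensitive, since reports differ in hex case."""
    return {name: actual.get(name, "").lower() == value.lower() for name, value in expected.items()}


def verify_file(path: str, expected: dict = REPORT_HASHES) -> bool:
    """True only when the file matches every digest the report lists.

    A single mismatch means a different file (or a corrupted transfer);
    re-obtain the sample rather than trusting a partial match.
    """
    results = compare_hashes(digest_file(path), expected)
    return well_formed(expected) and all(results.values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>   (the path is an assumption)
    target = sys.argv[1] if len(sys.argv) > 1 else "sample.bin"
    try:
        results = compare_hashes(digest_file(target), REPORT_HASHES)
    except FileNotFoundError:
        sys.exit(f"no such file: {target}")
    for name, ok in results.items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

The "704KB" size shown in the report is a rounded display value, so it is only a coarse sanity check; the exact digests are authoritative. Fuzzy-hash comparison against the SSDEEP value needs the ssdeep library and is not covered here.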

Targets

    • Target

      8d0cc83e4aac66f059c9a5e2b7cf22bd9786ab707d51637d623b54171cf9055a

    • Size

      704KB

    • MD5

      35df34f1f294c0906d3755908aa2f099

    • SHA1

      d665fc6dee6cbef3d843ea224fcfc87040122f85

    • SHA256

      8d0cc83e4aac66f059c9a5e2b7cf22bd9786ab707d51637d623b54171cf9055a

    • SHA512

      641989f458a0696a9708f1838bd01a3454d83bf7d5e36ee969a670870102cd0562b60d9005ab8f8f96a7554b9dee131fbefb9a6114adfb132467ba669371314b

    • SSDEEP

      12288:ey90UUF5WgC0of4i4acwl/Fc1T2E827hoDtcI15zCEAIzQMiv/KCanlegEn2:ey7vgC0orTldc1T827hybB1AIEFAng2

    • Modifies Windows Defender Real-time Protection settings

      Writes to the Defender Real-Time Protection settings (the DisableRealtimeMonitoring family of registry values). With tamper protection enabled the change may not take effect, but the write attempt is itself the indicator.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk, i.e. a second stage or unpacked component rather than the original file.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

      Registry autostart under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM), so the program is launched again at each logon.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system, commonly to fingerprint the host or spot security products.
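Three of the behaviours above (the Run key, the Defender Real-Time Protection write and the Uninstall key lookup) are registry operations, which makes them checkable from registry telemetry outside the sandbox. The following is an added example, editor-written rather than the sandbox's own signature engine or this sample's trace: it runs those three checks over registry-operation records. RegEvent and SAMPLE_EVENTS are constructed; the key paths are the standard Windows locations and the value names are Defender's Real-Time Protection policy settings.

```python
"""Flag the registry behaviours this report lists, over registry-operation records.

Editor-added example; it is neither the sandbox's signature engine nor the
sample's actual trace. RegEvent is a constructed record shape: API-hook logs
from a sandbox or Sysmon EventID 13 (value set) events must be mapped into it
first. The key paths are the standard Windows locations; the value names are
Defender's Real-Time Protection policy settings.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    op: str          # "set" | "query" | "enum" | "create" | "delete"
    key: str         # full key path, e.g. HKCU\Software\...
    name: str = ""   # value name; empty for key-level operations
    data: str = ""   # value data rendered as text ("1", "0x1", a command line, ...)


# "Adds Run key to start application": per-user and per-machine autostart keys.
RUN_KEYS = {
    "SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
    "SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
}
# "Modifies Windows Defender Real-time Protection settings": Group Policy location.
DEFENDER_RTP_KEY = "SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION"
DEFENDER_RTP_VALUES = {
    "DISABLEREALTIMEMONITORING", "DISABLEBEHAVIORMONITORING",
    "DISABLEONACCESSPROTECTION", "DISABLEIOAVPROTECTION",
    "DISABLESCANONREALTIMEENABLE",
}
# "Checks installed software on the system": the installed-programs list.
UNINSTALL_KEY = "SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL"


def relative_key(key: str) -> str:
    """Upper-case the path, drop the hive (and the SID under HKU), and drop
    WOW6432Node so 32-bit and 64-bit views of the same key compare equal."""
    parts = [p for p in key.replace("/", "\\").upper().split("\\") if p]
    if parts and parts[0] in ("HKEY_USERS", "HKU"):
        parts = parts[2:]            # HKU\<SID>\Software\... -> SOFTWARE\...
    elif parts and parts[0].startswith("HK"):
        parts = parts[1:]
    return "\\".join(p for p in parts if p != "WOW6432NODE")


def is_nonzero(data: str) -> bool:
    """Defender's Disable* values are DWORDs; 1 (or 0x1) disables, 0 restores."""
    try:
        return int(data, 0) != 0
    except ValueError:
        return False


def triage(events) -> dict:
    """Return {signature_name: [matching events]} for the report's three registry signatures."""
    hits = {"run_key_persistence": [], "defender_rtp_tamper": [], "installed_software_enum": []}
    uninstall_reads = []
    for ev in events:
        rel = relative_key(ev.key)
        if ev.op == "set" and rel in RUN_KEYS and ev.data:
            hits["run_key_persistence"].append(ev)
        elif (ev.op == "set" and rel == DEFENDER_RTP_KEY
              and ev.name.upper() in DEFENDER_RTP_VALUES and is_nonzero(ev.data)):
            hits["defender_rtp_tamper"].append(ev)
        elif ev.op in ("enum", "query") and (rel == UNINSTALL_KEY or rel.startswith(UNINSTALL_KEY + "\\")):
            uninstall_reads.append(ev)
    # Reading one Uninstall entry is ordinary installer behaviour; enumerating the key,
    # or touching several entries, is what "checks installed software" means.
    distinct = {relative_key(ev.key) for ev in uninstall_reads}
    if any(ev.op == "enum" for ev in uninstall_reads) or len(distinct) >= 3:
        hits["installed_software_enum"] = uninstall_reads
    return hits


# Constructed events mirroring the report's signatures; not taken from the sample's trace.
SAMPLE_EVENTS = [
    RegEvent("set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
             "Updater", "C:\\Users\\Public\\upd.exe"),
    RegEvent("set", "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
             "DisableRealtimeMonitoring", "1"),
    RegEvent("enum", "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall"),
    RegEvent("query", "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleProduct",
             "DisplayName"),
    RegEvent("set", "HKCU\\Software\\ExampleApp", "Theme", "dark"),      # benign write, ignored
    RegEvent("set", "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
             "DisableRealtimeMonitoring", "0"),                           # re-enable, not flagged
]

if __name__ == "__main__":
    for sig, evs in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(evs)} event(s)")
        for ev in evs:
            print(f"    {ev.op:5} {ev.key} {ev.name} {ev.data}".rstrip())
```

Two caveats for anyone porting this to host telemetry. Sysmon records registry creates, deletes, value sets and renames but not reads, so the Uninstall enumeration check can only be fed from a hooking sandbox or an ETW registry provider. And the Defender check deliberately ignores writes of 0, which restore protection; only a nonzero Disable* write is a tamper indicator.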

MITRE ATT&CK Enterprise v6
