General

  • Target

    eec43bc8b1b7b054b8dcad63569dfd24772ad21e25c5bca55bc95d0a91a3a887

  • Size

    564KB

  • Sample

    230423-3h6mnsge68

  • MD5

    a971423bc76c94e514292d867f9c407b

  • SHA1

    355629e1f53ca92b270315855b500ca8677edb60

  • SHA256

    eec43bc8b1b7b054b8dcad63569dfd24772ad21e25c5bca55bc95d0a91a3a887

  • SHA512

    bc24a8d71c3d842dfee3ec9e1668150718fe7cd33eff23e1be399bbba0b89b2172b697d63da42912d48bcc6d5f13ca33d60876f01717a8d10f2ef35e78485e9d

  • SSDEEP

    12288:yy90HDfi2IiDQ+hSgOa2xffImizf02LlnMPES7kYZ03+P51:yyIDfi2IiDQ+hQaWx6s2L5QExYO3+Pv

Targets

    • Modifies Windows Defender Real-time Protection settings

      Writes Defender policy values that switch off real-time monitoring, a defence-evasion step that removes on-access scanning before the payload runs.

    • Executes dropped EXE

      Runs an executable that the sample wrote to disk during analysis, rather than the originally submitted file.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

      Changes Windows security settings through the registry; the Defender real-time protection change above falls under this broader signature.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Opens files in directories used by desktop cryptocurrency wallets, which commonly hold wallet seeds and private keys.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the application is launched again at logon (persistence).

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
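
The signatures above each reduce to a small rule over a user-mode API trace. The script below is an added example, not code from the sandbox or from this report: it runs five such rules over a constructed trace (the dict-per-call format, the image paths, handles and every entry in SAMPLE_TRACE are invented here, not recovered from this sample's execution) and flags Defender real-time protection tampering, Run-key persistence, Uninstall-key enumeration, browser credential store access and wallet file access. The registry and file paths the rules key on are the standard Windows locations such signatures look at. Two benign entries are included to show the checks a practitioner needs to avoid false positives: a browser opening its own profile database, and an installer opening the Uninstall key without enumerating it.

```python
"""Rule-based triage of a user-mode API trace for the behaviours this report flags.

Added example, not code from the sandbox or from the report. The trace format
(one dict per call: pid, image, api, args, optional ret) and every entry in
SAMPLE_TRACE are constructed here to resemble a generic API log; the registry
and file paths the rules key on are the standard Windows locations such
signatures look at, not paths recovered from this sample's execution.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

MALWARE = "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"          # constructed image path
CHROME = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"

# Constructed trace: the first seven calls are the malicious pattern, the last
# two are benign noise the rules must not flag.
SAMPLE_TRACE: List[Dict] = [
    {"pid": 4120, "image": MALWARE, "api": "RegSetValueExW",
     "args": {"key": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
              "value": "DisableRealtimeMonitoring", "type": "REG_DWORD", "data": 1}},
    {"pid": 4120, "image": MALWARE, "api": "RegSetValueExW",
     "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
              "value": "WindowsUpdateSvc", "type": "REG_SZ",
              "data": "C:\\Users\\user\\AppData\\Roaming\\svc.exe"}},
    {"pid": 4120, "image": MALWARE, "api": "RegOpenKeyExW", "ret": "0x2a4",
     "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}},
    {"pid": 4120, "image": MALWARE, "api": "RegEnumKeyExW", "args": {"handle": "0x2a4", "index": 0}},
    {"pid": 4120, "image": MALWARE, "api": "RegEnumKeyExW", "args": {"handle": "0x2a4", "index": 1}},
    {"pid": 4120, "image": MALWARE, "api": "CreateFileW",
     "args": {"path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}},
    {"pid": 4120, "image": MALWARE, "api": "CreateFileW",
     "args": {"path": "C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"}},
    # Benign: the browser itself opening its own profile database.
    {"pid": 2208, "image": CHROME, "api": "CreateFileW",
     "args": {"path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}},
    # Benign: an installer opens the Uninstall key once but never enumerates it.
    {"pid": 3316, "image": "C:\\Windows\\System32\\msiexec.exe", "api": "RegOpenKeyExW", "ret": "0x1f8",
     "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}},
]

DEFENDER_RTP_KEY = re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I)
DEFENDER_DISABLE_VALUES = {"DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
                           "DisableOnAccessProtection", "DisableIOAVProtection",
                           "DisableScanOnRealtimeEnable"}
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall$", re.I)
BROWSER_DATA = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\"
    r"(?:[^\\]+\\)?(Login Data|Cookies|Web Data|Local State)$"
    r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I)
WALLET_DATA = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Armory|atomic)\\|\\wallet\.dat$", re.I)
BROWSER_IMAGES = ("chrome.exe", "msedge.exe", "brave.exe", "firefox.exe")


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def triage(trace: List[Dict]) -> List[Finding]:
    """Run all rules over the trace and return one Finding per matching behaviour."""
    findings: List[Finding] = []
    uninstall_handles: Dict[tuple, str] = {}   # (pid, handle) -> Uninstall key path
    enum_counts: Dict[tuple, int] = {}         # (pid, handle) -> RegEnumKeyExW calls seen
    for ev in trace:
        pid, api, args = ev["pid"], ev["api"], ev["args"]
        image = ev["image"].lower()
        if api == "RegSetValueExW":
            key, value = args["key"], args["value"]
            # Defender real-time protection policy switched off (DWORD 1 = disabled).
            if DEFENDER_RTP_KEY.search(key) and value in DEFENDER_DISABLE_VALUES and args.get("data") == 1:
                findings.append(Finding("defender_rtp_disabled", pid, f"{key}\\{value}"))
            elif RUN_KEY.search(key):
                findings.append(Finding("run_key_persistence", pid, f"{key}\\{value} = {args.get('data')}"))
        elif api == "RegOpenKeyExW" and UNINSTALL_KEY.search(args["key"]):
            # Remember the handle; only enumeration through it counts as software discovery.
            uninstall_handles[(pid, ev["ret"])] = args["key"]
        elif api == "RegEnumKeyExW" and (pid, args["handle"]) in uninstall_handles:
            enum_counts[(pid, args["handle"])] = enum_counts.get((pid, args["handle"]), 0) + 1
        elif api == "CreateFileW":
            path = args["path"]
            # A browser reading its own profile is expected; any other image is not.
            if BROWSER_DATA.search(path) and not image.endswith(BROWSER_IMAGES):
                findings.append(Finding("browser_credential_access", pid, path))
            elif WALLET_DATA.search(path):
                findings.append(Finding("wallet_access", pid, path))
    for (pid, handle), n in enum_counts.items():
        findings.append(Finding("installed_software_enum", pid,
                                f"{uninstall_handles[(pid, handle)]} ({n} subkeys enumerated)"))
    return findings


def rule_names(findings: List[Finding]) -> List[str]:
    """Distinct rule names that fired, sorted, for a one-line summary."""
    return sorted({f.rule for f in findings})


if __name__ == "__main__":
    for f in triage(SAMPLE_TRACE):
        print(f"[{f.rule}] pid={f.pid} {f.detail}")
```

Run stand-alone it prints one line per finding, all from pid 4120; the chrome.exe and msiexec.exe entries produce nothing. The handle tracking matters because reads are not visible in Sysmon-style value-set telemetry, so software discovery has to be inferred from the open-then-enumerate sequence in an API trace; a single RegOpenKeyExW on the Uninstall key is normal for installers and is deliberately not enough on its own.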

MITRE ATT&CK Enterprise v6
