General

  • Target

    ff60acede151d3cbfb978bbf5dcafabd13f7010a067d341d0aae5b123a4e0522

  • Size

    703KB

  • Sample

    230423-3h9z4aaa9y

  • MD5

    647dbb087ce391a1aa65703f0d6acb99

  • SHA1

    46254b1655c74ec5e6cc0ab5bd6d698e5e22bd5b

  • SHA256

    ff60acede151d3cbfb978bbf5dcafabd13f7010a067d341d0aae5b123a4e0522

  • SHA512

    3c7fcc9e35b0f0857cc0d5ed7b1867719f0b2dd3591049af7b7eeb415199e2c3835d06685f5ac7e6b4dfdadb8bfc65c45accd03c7f8984ed3a12462e87b0aca3

  • SSDEEP

    12288:Ky90FzPuKNyimScESDdTA4lKtvI1VzCDnIzFMID/K7NmH1V:KyIrGim/EEU4wc9enIR3U83

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks