General

  • Target

    30c1cb725e5d22cbbee89ceb679626f353883f3585e3f1c0f22f7e988c23c083

  • Size

    704KB

  • Sample

    230423-3hnf4aaa9x

  • MD5

    a8f28cae8d5b1b023913f3f93dfd9734

  • SHA1

    5c84bb7be5bfd5e9993ea6b2e170a8ff1626ec89

  • SHA256

    30c1cb725e5d22cbbee89ceb679626f353883f3585e3f1c0f22f7e988c23c083

  • SHA512

    d0046a0349a8065d17783a79ce493c6b26fe60ec20bf0598d45a19a764b43794548de7883c3ca4f791d97496d6ad2dea64899a78f535c80d961987981aec3656

  • SSDEEP

    12288:fy90t0vHlW3J1xHqasgn/6W2sLNrRP56tGtRI14zC6EIzcMKZ/K0xaz5Z4J:fy3qpxn8sLNFP5+GykPEIIptUEJ

Malware Config

Targets

    • Target

      30c1cb725e5d22cbbee89ceb679626f353883f3585e3f1c0f22f7e988c23c083

    • Size

      704KB

    • MD5

      a8f28cae8d5b1b023913f3f93dfd9734

    • SHA1

      5c84bb7be5bfd5e9993ea6b2e170a8ff1626ec89

    • SHA256

      30c1cb725e5d22cbbee89ceb679626f353883f3585e3f1c0f22f7e988c23c083

    • SHA512

      d0046a0349a8065d17783a79ce493c6b26fe60ec20bf0598d45a19a764b43794548de7883c3ca4f791d97496d6ad2dea64899a78f535c80d961987981aec3656

    • SSDEEP

      12288:fy90t0vHlW3J1xHqasgn/6W2sLNrRP56tGtRI14zC6EIzcMKZ/K0xaz5Z4J:fy3qpxn8sLNFP5+GykPEIIptUEJ

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks