General

  • Target

    862f7dbae7ef7364e5cad20f367456e6d6acdde28a2ce1876615d36e5c9a7a59

  • Size

    703KB

  • Sample

    230423-3j3bmsge75

  • MD5

    2cde845bba56d1058a41d973185e82a2

  • SHA1

    a9c8267cc8928454ec2a74243393d5a352c15e67

  • SHA256

    862f7dbae7ef7364e5cad20f367456e6d6acdde28a2ce1876615d36e5c9a7a59

  • SHA512

    cf50a5f0fbc0851134a66dbf5a76053e6e754147b920730f74a77647defcfcae1fbd8aa365aba6ff24ba79a329fb144a07bf74ba7762ea47899e5c91a0d1cbd5

  • SSDEEP

    12288:gy90Bya7RWShlLB0V1T2E827d/MimjTxTC4t8I1tzCP9IzYMGj/KU4skPNmN:gyy7QV1T827dJ4FjVq9IcB7kc

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other session material.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks