General

  • Target

    18a976db523c8157f8357b3cd29068b01e2c1206d9a173c0ff702c308239f8da

  • Size

    563KB

  • Sample

    230423-3jq9daaa9z

  • MD5

    a0080b552937c981a9b02d0a1bb8b9b4

  • SHA1

    389b4dfe38de20a9f40adcb1864a381a3b78469d

  • SHA256

    18a976db523c8157f8357b3cd29068b01e2c1206d9a173c0ff702c308239f8da

  • SHA512

    8210ad1b7acf583cde551398e3845d91620f600e9fff1bc4e616c58bc7481e2b178a18c9bca752cdba80816ff9d11d8b7a88972dd6f0d42cf3d3d7bc92d74b0b

  • SSDEEP

    12288:ty90sDWhwMx6p94jcNbNPPJbIyvzv0tJzxM9qSC+qjFN:tyzD4wMGyjcTn7bctJdSqSC+kN

Malware Config

Targets

    • Target

      18a976db523c8157f8357b3cd29068b01e2c1206d9a173c0ff702c308239f8da

    • Size

      563KB

    • MD5

      a0080b552937c981a9b02d0a1bb8b9b4

    • SHA1

      389b4dfe38de20a9f40adcb1864a381a3b78469d

    • SHA256

      18a976db523c8157f8357b3cd29068b01e2c1206d9a173c0ff702c308239f8da

    • SHA512

      8210ad1b7acf583cde551398e3845d91620f600e9fff1bc4e616c58bc7481e2b178a18c9bca752cdba80816ff9d11d8b7a88972dd6f0d42cf3d3d7bc92d74b0b

    • SSDEEP

      12288:ty90sDWhwMx6p94jcNbNPPJbIyvzv0tJzxM9qSC+qjFN:tyzD4wMGyjcTn7bctJdSqSC+kN

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks