General

  • Target

    357d9141dffc63f67de2d1c911128b5c875a23e9f82d8bb9cc0077b1b7ba5f96

  • Size

    1.2MB

  • Sample

    230423-3k618age79

  • MD5

    8236eb86daaae01121d83b0f5effb11e

  • SHA1

    8e329025638eabbda759dcd3600f9a0a695286f7

  • SHA256

    357d9141dffc63f67de2d1c911128b5c875a23e9f82d8bb9cc0077b1b7ba5f96

  • SHA512

    bec1d9ecb9ba2b49d701ecf08c8dddc6b0472f5ceae5890c34fd4093a7c162c7b44df462ff31e7668dc0dede37db61a7ab32e11a966a9d95ec2c59b1fcac1cb9

  • SSDEEP

    24576:Ou0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:D0+BshUC1VzUjjPP0/

Malware Config

Targets

    • Target

      357d9141dffc63f67de2d1c911128b5c875a23e9f82d8bb9cc0077b1b7ba5f96

    • Size

      1.2MB

    • MD5

      8236eb86daaae01121d83b0f5effb11e

    • SHA1

      8e329025638eabbda759dcd3600f9a0a695286f7

    • SHA256

      357d9141dffc63f67de2d1c911128b5c875a23e9f82d8bb9cc0077b1b7ba5f96

    • SHA512

      bec1d9ecb9ba2b49d701ecf08c8dddc6b0472f5ceae5890c34fd4093a7c162c7b44df462ff31e7668dc0dede37db61a7ab32e11a966a9d95ec2c59b1fcac1cb9

    • SSDEEP

      24576:Ou0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:D0+BshUC1VzUjjPP0/

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks