General

  • Target

    4d7fd1e337f1ee8adaeb480af414eefb8933840d2cf8686ab04211cba8c430a5

  • Size

    563KB

  • Sample

    230423-3lggysab2x

  • MD5

    d29d747ef33ef0998564813bbd795e66

  • SHA1

    fedcffe0aadb1fbe7cf79b34b21e3c83b3a5cf00

  • SHA256

    4d7fd1e337f1ee8adaeb480af414eefb8933840d2cf8686ab04211cba8c430a5

  • SHA512

    eff67180323dcead36fa165d21073e6d3541cb5be8be7b8b66b738f3de17cb3aef74860f23eab11463405dfcf1e367bbe29fad0b0b0f9bcb31d94c350f19890c

  • SSDEEP

    12288:wy90rUaztoUZN0tu5lD/YPIvtzq0tganMy9OaUH4iIrK:wyBazhNNJnVltgmV97UYi4K

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks