General

  • Target

    0c2d0020571a44817e9064f4771af1b0f492d47b2fa8f954d6fea4f31d87322b

  • Size

    703KB

  • Sample

    230423-3ls6raab2z

  • MD5

    e6b552ab9139031b22d48057c2b78d61

  • SHA1

    d8f6e3be4a126060740e98a95a31889776189016

  • SHA256

    0c2d0020571a44817e9064f4771af1b0f492d47b2fa8f954d6fea4f31d87322b

  • SHA512

    e6cecf56edebc36112aeb05c02d5ad624a31f9980c7aeb6a84db33f9ef549a89111a9a943d31746964e8f4f1759d5f46b5d7a4f2ae90d9ef6e2dfe90ac6b5519

  • SSDEEP

    12288:Gy90oxoG00ITVokkjfFAFtFI1ezC8MIzlMMC/KlcjJlZ8+8X:GydFgMjqF2mBMIpjMlZ8pX

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks