General

  • Target

    653c38174cc26098f23291a67cbcab5bbbe0d495d703b467aa3909dfac5813c4

  • Size

    1.2MB

  • Sample

    230423-pcnb9aeh2s

  • MD5

    038dabbfcf08b62329425d2562876228

  • SHA1

    83ae0092e1c96ce79a352a68f3b5be5854a66d34

  • SHA256

    653c38174cc26098f23291a67cbcab5bbbe0d495d703b467aa3909dfac5813c4

  • SHA512

    b0080a6aca2a7351b25a38f8d8640af9f64fd5c52556caf991d2cb32ad082047fe66c431dd8485433926f9bec0e77b48b3fe37210c15647092e89bcb7c0ca4ed

  • SSDEEP

    24576:xButuJwtoMvyDu8a6TApXEq3Ulte9eH/kRfKdKmg1JPY64Qf20rp:PKuSVqE6EpX73U49Y/kHmIJPYbQf

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
