General

  • Target

    21213d789ac77207d93dbe7a43f879cefbba0f942c5b97f4d58d98f1e456d00d

  • Size

    706KB

  • Sample

    230423-pztsjsfa4v

  • MD5

    0d26a12053709510b164f4f10ee23f3c

  • SHA1

    8444b649626db4761c4018b9c41c5c1b0ebf6318

  • SHA256

    21213d789ac77207d93dbe7a43f879cefbba0f942c5b97f4d58d98f1e456d00d

  • SHA512

    30b256c1528fd9a80e2c3e088de3358d350d4ef9bb8cbed5478b6396418c6fff611bbc5e92adcfbb2a4bd8b49ab640f2881d72b2b67eb0d3b5c2ee49266fc0e4

  • SSDEEP

    12288:cy900KUJQuGO/lhC3FgwiYZsuanpZc2zEdg2VoyzPmUSYOMjY2CMKDyt:cyzKpClheFg4sfzT4Z6yzSv2+et

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
