General

  • Target

    d5fa92b1532d00e5a2398109e873d6ba1a8a85ea088c77c44e8ecd8a7e3f4f98

  • Size

    563KB

  • Sample

    230423-y88gqshd3w

  • MD5

    c87bcf1bd9c3f8c3d70d506471bf8ccc

  • SHA1

    f828f4ddb2547d058965db0db028089481ba2c34

  • SHA256

    d5fa92b1532d00e5a2398109e873d6ba1a8a85ea088c77c44e8ecd8a7e3f4f98

  • SHA512

    26a974237b7c872f6b4744a1cea11adb68f6f17ab458ecd4e2ca30c9f96ac9e83a981478c87677cb81ec0de98a9e8d7da770ef089b0217b550e7bd1dce326e25

  • SSDEEP

    12288:Uy90RExcnqweXsK3gQsMg3GGsZyIhrH2kpCei5KvSLv2rhD:Uybxcnqwugqgbeyw72kI5KbD

Malware Config

Targets

    • Target

      d5fa92b1532d00e5a2398109e873d6ba1a8a85ea088c77c44e8ecd8a7e3f4f98

    • Size

      563KB

    • MD5

      c87bcf1bd9c3f8c3d70d506471bf8ccc

    • SHA1

      f828f4ddb2547d058965db0db028089481ba2c34

    • SHA256

      d5fa92b1532d00e5a2398109e873d6ba1a8a85ea088c77c44e8ecd8a7e3f4f98

    • SHA512

      26a974237b7c872f6b4744a1cea11adb68f6f17ab458ecd4e2ca30c9f96ac9e83a981478c87677cb81ec0de98a9e8d7da770ef089b0217b550e7bd1dce326e25

    • SSDEEP

      12288:Uy90RExcnqweXsK3gQsMg3GGsZyIhrH2kpCei5KvSLv2rhD:Uybxcnqwugqgbeyw72kI5KbD

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks