General

  • Target

    10ef4ae0784c03c2b172bd6eff3a2a4be0c054c2794273f641ac9d631588a727

  • Size

    563KB

  • Sample

    230423-y8lyqsff86

  • MD5

    94103d2e85ff4c46c881aa1c3cbe8314

  • SHA1

    bca543565db9369a7b88d5872e2a166ae7ff1ded

  • SHA256

    10ef4ae0784c03c2b172bd6eff3a2a4be0c054c2794273f641ac9d631588a727

  • SHA512

    032463cc7ba4fe1445e7fcb643cc5b95fc886dc7f148462bcb78d4b615ab1b5c9cb93e5b2bc6cc29f537dfc64da2b0e10ee769b4b110e772615ff0a7eba14c79

  • SSDEEP

    12288:2y90xALyWNgOc+4ls8WhTH2UhCeieKlg8G:2ymA2O34ls8eD2CIeKlxG

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks