General

  • Target

    bd7be242ea24064194ecd1ca7cc43d1ac28218a62a71f346244a7ad395cc2cae

  • Size

    1.2MB

  • Sample

    230423-y9q9vaff93

  • MD5

    ffaaf2f623c21618e225d204a535aca8

  • SHA1

    427e6779d2277ab97b865e3a8ee31e84378696fa

  • SHA256

    bd7be242ea24064194ecd1ca7cc43d1ac28218a62a71f346244a7ad395cc2cae

  • SHA512

    cf61e6718605cc53e4d9bf3fd3a736adc664c628587287c15e87a39a4916bc3409196804123435d93d3e182e08cc9a7cf1f756886c1db8c7c8f97ec6391ea16f

  • SSDEEP

    24576:j8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:4KoyI1EQVazy0RIk4vkoFHe

Malware Config

Targets

    • Target

      bd7be242ea24064194ecd1ca7cc43d1ac28218a62a71f346244a7ad395cc2cae

    • Size

      1.2MB

    • MD5

      ffaaf2f623c21618e225d204a535aca8

    • SHA1

      427e6779d2277ab97b865e3a8ee31e84378696fa

    • SHA256

      bd7be242ea24064194ecd1ca7cc43d1ac28218a62a71f346244a7ad395cc2cae

    • SHA512

      cf61e6718605cc53e4d9bf3fd3a736adc664c628587287c15e87a39a4916bc3409196804123435d93d3e182e08cc9a7cf1f756886c1db8c7c8f97ec6391ea16f

    • SSDEEP

      24576:j8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:4KoyI1EQVazy0RIk4vkoFHe

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks