General

  • Target

    d25ce458d4604b07cd91fdc2b25359954568ab58b79c30e036d61ce42e654ad3

  • Size

    1.2MB

  • Sample

    230423-z18yzahe5t

  • MD5

    d41f84a7d626eca22d62e49709e4c6d6

  • SHA1

    06bc25e47b1bc2ee82cc58fee9c5cca8f05e0020

  • SHA256

    d25ce458d4604b07cd91fdc2b25359954568ab58b79c30e036d61ce42e654ad3

  • SHA512

    e1ecb8ddd56d3b0fbf491a594167f132ff34c0a4546558e55d9ab7b07b8032433024e63d3fe1a612cebfde564a6d4dd59e9789884e209765cf428be861cb49b8

  • SSDEEP

    24576:hu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:Y0+BshUC1VzUjjPP0/

Malware Config

Targets

    • Target

      d25ce458d4604b07cd91fdc2b25359954568ab58b79c30e036d61ce42e654ad3

    • Size

      1.2MB

    • MD5

      d41f84a7d626eca22d62e49709e4c6d6

    • SHA1

      06bc25e47b1bc2ee82cc58fee9c5cca8f05e0020

    • SHA256

      d25ce458d4604b07cd91fdc2b25359954568ab58b79c30e036d61ce42e654ad3

    • SHA512

      e1ecb8ddd56d3b0fbf491a594167f132ff34c0a4546558e55d9ab7b07b8032433024e63d3fe1a612cebfde564a6d4dd59e9789884e209765cf428be861cb49b8

    • SSDEEP

      24576:hu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:Y0+BshUC1VzUjjPP0/

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks