General

  • Target

    9a8576fc836a8b27df248763ca83d1e34f243a61341b288e4b49274cac7c80ca

  • Size

    564KB

  • Sample

    230423-z19v9sfh84

  • MD5

    11b6ecd3761e07d29003b64277da4a83

  • SHA1

    e3ff2e2f9360faef23b7633091712505360f1520

  • SHA256

    9a8576fc836a8b27df248763ca83d1e34f243a61341b288e4b49274cac7c80ca

  • SHA512

    106a567151efca4ff3b9781ef9a5ade8027499adc209557d9dbb4fb1e04450035742b3aad1af2e931c15972f8998627561d575311eef9341f8a360642ebc23e8

  • SSDEEP

    12288:py90peqwiwUwNzxcTJcIaazf0aGOnM0JPAhMX:py6eqwzntcoSsaGavmhMX

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks