General

  • Target

    aeb57ec29efc037c766fcb47c4dfd64e4b73fc87eb0fb8389ec74939600d8476

  • Size

    564KB

  • Sample

    230423-z1by8sfh79

  • MD5

    c80c999db0584247f3297bf99284fb85

  • SHA1

    f7bdd108ea52d2c575a8e1017b3cc98eb39a3734

  • SHA256

    aeb57ec29efc037c766fcb47c4dfd64e4b73fc87eb0fb8389ec74939600d8476

  • SHA512

    a2109d623666e977371d37ec58cff5de851d7806eb2e4c6bfa3b229862216b54badded310028e09e093f5fb4e69a6b006c1fe5008ed0e99589bcceb90be4161f

  • SSDEEP

    12288:by90/39dkxraLXWIc/P3pxIAyzo0z0rnM2J9XcTa:byw39dtXOnpxqPz0bdJ9XcG

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks