General

  • Target

    17166224a245aefa12107ac46b0464f6355a03bbb99480764051e084326d6f0a

  • Size

    1.2MB

  • Sample

    230423-z1rppahe41

  • MD5

    697b365801fc73d14a143880ce962715

  • SHA1

    f9de4989fa8f5b31b1417fbec63c7800e6172a5e

  • SHA256

    17166224a245aefa12107ac46b0464f6355a03bbb99480764051e084326d6f0a

  • SHA512

    6fe93c74d2c653a8402729939b13efee27f5b5afeb3724574c562e33de0edaea878a9db0e45d5b706353b75535b2990998f66d3c6854025c984915117bf2d5f8

  • SSDEEP

    24576:Xu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:e0+BshUC1VzUjjPP0/

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

Tasks