General

  • Target

    95cb874f681a54aad9536ce273482217667422015d25a2e3febe7b2e104cb734

  • Size

    705KB

  • Sample

    230423-z22laafh86

  • MD5

    e382a8275d38628b445dea64c834cff6

  • SHA1

    60fd92c48ef25188086ed1fc6519d536e9b523ab

  • SHA256

    95cb874f681a54aad9536ce273482217667422015d25a2e3febe7b2e104cb734

  • SHA512

    ed33a7fa2137870bc528af667e9499e74e4728c7fc1665dc73a646a7fd34c342da40842901a62f7fed1ac89409a16849f86bae4b2600e8ebb6ce683cbdf298ff

  • SSDEEP

    12288:wy90N/FVN844Cvipc9vYagto23p1ElVewhAu8xyD5vFrI1MzCVmIzwM+v/KKiuV+:wymNPLviEvY3j3AP/eu8xyDxcYEmI8Bi
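Added example (not part of the sandbox report): a small Python checker that computes the MD5, SHA-1, SHA-256 and SHA-512 digests of a file in one streaming pass and compares them against the hashes listed above. Matching is done on SHA-256 or SHA-512; the MD5 and SHA-1 values are kept only for cross-referencing other feeds, since both are collision-prone and should not establish identity on their own. The SSDEEP fuzzy hash is omitted because it needs a third-party library (for example ssdeep or ppdeep) rather than the standard library. The file path, chunk size and function names are assumptions for the example.

```python
import hashlib
import io

# Hashes exactly as published in the report above for this sample.
REPORT_IOCS = {
    "md5": "e382a8275d38628b445dea64c834cff6",
    "sha1": "60fd92c48ef25188086ed1fc6519d536e9b523ab",
    "sha256": "95cb874f681a54aad9536ce273482217667422015d25a2e3febe7b2e104cb734",
    "sha512": "ed33a7fa2137870bc528af667e9499e74e4728c7fc1665dc73a646a7fd34c342da40842901a62f7fed1ac89409a16849f86bae4b2600e8ebb6ce683cbdf298ff",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(stream, chunk_size=1 << 20):
    """Compute all four digests in a single pass over a binary stream,
    so a large sample is read from disk only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Digests of an in-memory buffer (same code path as files)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path, chunk_size=1 << 20) -> dict:
    """Digests of a file on disk (path is whatever the analyst passes in)."""
    with open(path, "rb") as f:
        return hash_stream(f, chunk_size)


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Per-algorithm comparison against the report; case-insensitive hex."""
    return {name: digests.get(name, "").lower() == iocs[name].lower()
            for name in iocs}


def is_known_sample(digests: dict, iocs: dict = REPORT_IOCS) -> bool:
    """Identity is decided on SHA-256 or SHA-512 only; MD5/SHA-1 are
    informational because collisions can be manufactured for them."""
    m = match_iocs(digests, iocs)
    return bool(m["sha256"] or m["sha512"])


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        d = hash_file(p)
        verdict = "MATCH" if is_known_sample(d) else "no match"
        print(f"{p}: {verdict} sha256={d['sha256']}")
```

Run it as `python check_hashes.py suspicious.bin`; a MATCH means the file is byte-identical to the reported sample, while a SHA-256 mismatch with a matching MD5 would be a reason to distrust the MD5 feed rather than the file.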

Malware Config

Targets

    • Target

      95cb874f681a54aad9536ce273482217667422015d25a2e3febe7b2e104cb734

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
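Added example (not part of the sandbox report): a Python triage helper that maps registry API calls from a behaviour trace onto the registry-driven signatures listed above (Defender Real-time Protection changes, Windows security modification, Run key persistence, and Uninstall key enumeration). The trace records are constructed and use a simplified shape, not the sandbox's real output format; the value names for the Defender policy key and the Exclusions/DisableAntiSpyware rule used for "Windows security modification" are assumptions based on documented Defender settings, not facts taken from this report. The file-based signatures (dropped EXE, browser data, wallets) are outside this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    """One registry API call from a behaviour trace (constructed shape)."""
    api: str          # e.g. RegSetValueExW, RegOpenKeyExW, RegEnumKeyExW
    key: str          # full key path including the hive
    value: str = ""   # value name, for Set/Query calls
    data: str = ""    # data written (stringified), for Set calls


HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu",
         "hkey_users": "hku", "hkey_classes_root": "hkcr"}


def norm_key(path: str) -> str:
    """Lower-case, short hive names, backslashes, no trailing separator,
    so rules match regardless of how the tracer spelled the path."""
    p = path.replace("/", "\\").strip("\\").lower()
    hive, sep, rest = p.partition("\\")
    return HIVES.get(hive, hive) + (sep + rest if rest else "")


# Assumed value names (not from the report) under the Real-Time Protection
# policy key that disable parts of Defender real-time protection.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable",
    "disableioavprotection",
}


def _is_write(ev: RegEvent) -> bool:
    return ev.api.lower().startswith("regsetvalue")


def _is_read(ev: RegEvent) -> bool:
    return ev.api.lower().startswith(
        ("regopenkey", "regenumkey", "regenumvalue", "regqueryvalue"))


def _defender_rtp(ev: RegEvent) -> bool:
    return (_is_write(ev)
            and "\\windows defender\\real-time protection" in norm_key(ev.key)
            and ev.value.lower() in DEFENDER_RTP_VALUES)


def _security_mod(ev: RegEvent) -> bool:
    # Assumed scope: Defender exclusions or the DisableAntiSpyware policy.
    k = norm_key(ev.key)
    return _is_write(ev) and (
        "\\windows defender\\exclusions\\" in k
        or (k.endswith("\\policies\\microsoft\\windows defender")
            and ev.value.lower() == "disableantispyware"))


def _run_key(ev: RegEvent) -> bool:
    k = norm_key(ev.key)
    return _is_write(ev) and k.endswith(
        ("\\currentversion\\run", "\\currentversion\\runonce"))


def _uninstall_enum(ev: RegEvent) -> bool:
    # Substring match also covers the WOW6432Node copy of the Uninstall key.
    return _is_read(ev) and "\\currentversion\\uninstall" in norm_key(ev.key)


SIGNATURES = [  # names as they appear in the report above
    ("Modifies Windows Defender Real-time Protection settings", _defender_rtp),
    ("Windows security modification", _security_mod),
    ("Adds Run key to start application", _run_key),
    ("Checks installed software on the system", _uninstall_enum),
]


def classify(events):
    """Signature name -> list of events that triggered it."""
    hits = {name: [] for name, _ in SIGNATURES}
    for ev in events:
        for name, pred in SIGNATURES:
            if pred(ev):
                hits[name].append(ev)
    return hits


def triggered(events):
    """Signature names with at least one hit, in report order."""
    return [name for name, evs in classify(events).items() if evs]


# Constructed trace (illustrative paths, not the sample's real behaviour).
SAMPLE_TRACE = [
    RegEvent("RegSetValueExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
             "DisableRealtimeMonitoring", "1"),
    RegEvent("RegSetValueExW", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
             "Updater", r"C:\Users\user\AppData\Roaming\updater.exe"),
    RegEvent("RegOpenKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    RegEvent("RegEnumKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    RegEvent("RegQueryValueExW", r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment", "TEMP"),
]

if __name__ == "__main__":
    for name, evs in classify(SAMPLE_TRACE).items():
        if evs:
            print(f"{name}: {len(evs)} event(s)")
```

The predicates deliberately key on the normalized path rather than on raw strings from the trace, because the same key can appear as HKLM or HKEY_LOCAL_MACHINE and with mixed case; the last record in the constructed trace is a benign environment read and should trigger nothing.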

MITRE ATT&CK Enterprise v6

Tasks