General

  • Target

    a770401d4466ad91f6aacf4435fe1bbcf0b68762d9e723130b2fcf62e4ba9624

  • Size

    704KB

  • Sample

    230423-z2gwwahe5v

  • MD5

    19b5121312cb06797168197825395fcb

  • SHA1

    530a4580929a3bad4704b0e9db5d3f1097d3275c

  • SHA256

    a770401d4466ad91f6aacf4435fe1bbcf0b68762d9e723130b2fcf62e4ba9624

  • SHA512

    b506abf7044e2b09ad7d3fa05aecb1e03ac1e86bdc351cf2454eed7bfafccec34f3f146c57d397d50c7e68d0ed137ffa689d8c1acf99e0406377943382b11fc4

  • SSDEEP

    12288:2y90Kwf+iefjTRXVFG0DmBLxnCiI1BzCWqIzkMzR/KSb6IL:2y+f+77xVU0OdnmpHqIgcZL

Malware Config

Targets

    • Target

      a770401d4466ad91f6aacf4435fe1bbcf0b68762d9e723130b2fcf62e4ba9624

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks