General

  • Target

    ba8575890f090e2f1526a1c56ef13ddecd3e217fb1863c104851ef6b57b0a161

  • Size

    564KB

  • Sample

    230423-z36lmafh89

  • MD5

    a451e8e6a50e84a5d0933dd38fcc2c38

  • SHA1

    107a4925c47a5e519aa34ab108d4536c31ae6253

  • SHA256

    ba8575890f090e2f1526a1c56ef13ddecd3e217fb1863c104851ef6b57b0a161

  • SHA512

    e642a91b3262372e298ead6fc7e66b80ce58d29277f44556ea7d705a5a2098c82173c1b95f59a1d0a38d2132d7ee4fd2add6d50f6acf6b795da5a2f15d94d8c0

  • SSDEEP

    12288:Ry90Kbc15r2FKNqZIehzT0DYmnMBoyVCVq92l:Ry5+0KNqXJwDYyqoyVAqY

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks