General

  • Target

    cffae6addf99eb91dd68e9769ff8a47a18d950eaadb3ee6fe4d077757089d96e

  • Size

    1.2MB

  • Sample

    230423-z42n3ahe6z

  • MD5

    231d53b58d8e5321a139183187015795

  • SHA1

    122c821d558939501691648ce0b41ab807af906b

  • SHA256

    cffae6addf99eb91dd68e9769ff8a47a18d950eaadb3ee6fe4d077757089d96e

  • SHA512

    2efbbcfc87f06f3e9f79a3b8cd4cbd7624cac88117a0aaba3127fc7c9061d702d7cc70b899c550d33ccb5706b2bca470d2c9924a0beab8957d299660504972af

  • SSDEEP

    24576:hu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:Y0+BshUC1VzUjjPP0/

Malware Config

Targets

    • Target

      cffae6addf99eb91dd68e9769ff8a47a18d950eaadb3ee6fe4d077757089d96e

    • Size

      1.2MB

    • MD5

      231d53b58d8e5321a139183187015795

    • SHA1

      122c821d558939501691648ce0b41ab807af906b

    • SHA256

      cffae6addf99eb91dd68e9769ff8a47a18d950eaadb3ee6fe4d077757089d96e

    • SHA512

      2efbbcfc87f06f3e9f79a3b8cd4cbd7624cac88117a0aaba3127fc7c9061d702d7cc70b899c550d33ccb5706b2bca470d2c9924a0beab8957d299660504972af

    • SSDEEP

      24576:hu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:Y0+BshUC1VzUjjPP0/

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks