General

  • Target

    85d3feccfd30e3ca9e4869222433176c290f660ec27848c2825d6f167ff1aa0f

  • Size

    704KB

  • Sample

    230423-z45eysfh99

  • MD5

    fdc221f7aa10f8c25f34af0faa0f833b

  • SHA1

    2a0ff7ca50717afaf694cc13b255552577b91622

  • SHA256

    85d3feccfd30e3ca9e4869222433176c290f660ec27848c2825d6f167ff1aa0f

  • SHA512

    50e9c1501695993ae28877d30990c07bad26132f03a715bfb92eab647abe1dc73705201616e793f669ca5a02e08eaa382803434300788da0aea2ee630b20333f

  • SSDEEP

    12288:Jy904wMcDGTylyuWUeMevT979GTDmBbOG4ErcywlI18zCXqIzVMhn/KFqSHAyWWd:JyXwLSTAzVQB7MTOb+EnoiqIhetRyR

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks