General

  • Target

    5906cc1d34e375cdf4e95d27926367d3c5d2d836fc2d737ff83fa2cfc89211c1

  • Size

    704KB

  • Sample

    230423-z4evasfh93

  • MD5

    7e7709713c00f3c6e734948956f93574

  • SHA1

    efa7c832bd7a963d1f625f63c78a390d195e3568

  • SHA256

    5906cc1d34e375cdf4e95d27926367d3c5d2d836fc2d737ff83fa2cfc89211c1

  • SHA512

    fbfe2b8a57f2f760639fffa8ef404a1a346483423c26e274fd826c8294722ec9d834696900862e73fe33db14ff1f8a7429cea08cc8c2ab4fb2f7e3faa727bb95

  • SSDEEP

    12288:yy90k6HtqPoqdwIOLN1RB/7Is7TgZvQFI1zzCCWIzdMzH/KGQgao:yysfqdbOLNrhIsvgZvQc/vWI5gMgD

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks