General

  • Target

    7335821be8f901e5550c5e62a1ec82a9de24a1fc4a7ec94cabf365030e699ac9

  • Size

    563KB

  • Sample

    230423-z4gc5afh94

  • MD5

    10d56797781ad564d59f5c01f4913b56

  • SHA1

    49b21dc1a1374450f6a8152707918a2b69464d87

  • SHA256

    7335821be8f901e5550c5e62a1ec82a9de24a1fc4a7ec94cabf365030e699ac9

  • SHA512

    bd4e6d7a81330bb1fdc3ea25c39d6de285408965fa64fa7d1e6a6b48fc53981664acfa57a295438d38d53a4e09497158026c0ed92c8a36998c93c35923e79bb7

  • SSDEEP

    6144:49p0yN90QE7IySJo+8Vs6EkmiglEdVEIVkzepfsOLTzmb5hMa26aFDXH9qIDV3sV:ry90ZkrqdeIVkzq0OXzgMXFjnDV3siI

Malware Config

Targets

    • Target

      7335821be8f901e5550c5e62a1ec82a9de24a1fc4a7ec94cabf365030e699ac9

    • Modifies Windows Defender Real-time Protection settings

      Writes to the registry values that control Windows Defender real-time protection, typically to disable on-access scanning before the payload runs.

    • Executes dropped EXE

      Launches an executable that the sample itself wrote to disk during the run.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

      Changes a registry setting that controls a Windows security feature.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Opens files in the data directories of desktop cryptocurrency wallets, where seed phrases and keystores are kept.

    • Adds Run key to start application

      Creates a value under a CurrentVersion\Run key so the application is started again at logon (persistence).

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
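The signatures above are each derived from a handful of API calls the sandbox observed. The following Python is an added example, not code from the report or from the sandbox vendor, showing how a raw API trace is turned into that signature list: it parses a constructed, tab-separated trace (API name, target object, optional value; the format is an assumption, as are the exact registry and file-path patterns used per signature) and applies one rule per signature. Two details matter in practice and are handled here: the Defender rule checks the value written, so that a sample re-enabling real-time protection (value 0) is not reported as disabling it, and "Executes dropped EXE" is stateful, firing only for a process created from a path the sample itself wrote earlier in the trace.

```python
import re
from collections import OrderedDict

# Constructed API-trace excerpt in the style of a sandbox behaviour log
# (tab-separated: API name, target object, optional value). Not data from the
# report above; paths, key names and the "svc_update.exe" file name are made up.
SAMPLE_TRACE = """\
NtWriteFile\tC:\\Users\\user\\AppData\\Local\\Temp\\svc_update.exe
RegSetValueExW\tHKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring\t0x00000001
RegSetValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsUpdate\tC:\\Users\\user\\AppData\\Local\\Temp\\svc_update.exe
RegOpenKeyExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
RegEnumKeyExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\t0
NtReadFile\tC:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
NtReadFile\tC:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
NtReadFile\tC:\\Users\\user\\Documents\\notes.txt
CreateProcessW\tC:\\Users\\user\\AppData\\Local\\Temp\\svc_update.exe
RegSetValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden\t0x00000002
"""

# Per-signature patterns. These are an illustrative subset (assumption), not the
# sandbox's own rule set.
RUN_KEY       = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DEFENDER_KEY  = re.compile(r"\\Windows Defender\\", re.I)
DEFENDER_RTP  = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
BROWSER_DATA  = re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db|cookies\.sqlite)$", re.I)
WALLET_DIRS   = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Armory|Atomic)\\", re.I)


def parse_line(line):
    """Split one trace line into (api, target, value); value is '' when absent."""
    parts = line.rstrip("\n").split("\t")
    api, target = parts[0], parts[1]
    value = parts[2] if len(parts) > 2 else ""
    return api, target, value


def _nonzero(value):
    """True when a registry value written as text (e.g. '0x00000001') is non-zero."""
    try:
        return int(value.strip(), 0) != 0
    except ValueError:
        return bool(value.strip())


def classify(api, target, value, written):
    """Return the signature names one trace line triggers.

    `written` is the set of paths the sample has written so far. It is the state
    that lets a later CreateProcess on one of them be reported as a dropped EXE
    being executed, rather than flagging every process start from a temp folder.
    """
    tags = []
    if api.startswith(("NtWriteFile", "WriteFile")):
        written.add(target.lower())
    elif api.startswith("RegSetValue"):
        if DEFENDER_KEY.search(target):
            tags.append("Windows security modification")
        # Only a non-zero Disable* value actually turns protection off.
        if DEFENDER_RTP.search(target) and _nonzero(value):
            tags.append("Modifies Windows Defender Real-time Protection settings")
        if RUN_KEY.search(target):
            tags.append("Adds Run key to start application")
    elif api.startswith(("RegOpenKey", "RegEnumKey", "RegQueryValue")):
        if UNINSTALL_KEY.search(target):
            tags.append("Checks installed software on the system")
    elif api.startswith(("NtReadFile", "NtCreateFile", "CreateFile")):
        if BROWSER_DATA.search(target):
            tags.append("Reads user/profile data of web browsers")
        if WALLET_DIRS.search(target):
            tags.append("Accesses cryptocurrency files/wallets, possible credential harvesting")
    elif api.startswith(("CreateProcess", "NtCreateUserProcess")):
        if target.lower() in written:
            tags.append("Executes dropped EXE")
    return tags


def scan_trace(trace):
    """Map each triggered signature to the trace lines (with line numbers) that fired it."""
    hits = OrderedDict()
    written = set()
    for lineno, raw in enumerate(trace.splitlines(), 1):
        if not raw.strip():
            continue
        api, target, value = parse_line(raw)
        for sig in classify(api, target, value, written):
            hits.setdefault(sig, []).append("%d: %s" % (lineno, raw))
    return hits


if __name__ == "__main__":
    for sig, evidence in scan_trace(SAMPLE_TRACE).items():
        print(sig)
        for line in evidence:
            print("    " + line)
```

Run on the constructed trace this yields the same seven signatures the report lists. The benign `Documents\notes.txt` read and the Explorer `Hidden` write produce nothing, and a `CreateProcessW` on a temp-folder path the sample did not write would also be silent, which is the difference between a behavioural signature and a mere path match.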

MITRE ATT&CK Enterprise v6

Tasks