General

  • Target

    8d17abeea1bf161db5935c4e59aa03e19e30f5370ac3d6211d780b75639137b7

  • Size

    1.2MB

  • Sample

    230423-z57xgahe7t

  • MD5

    9c62f894ef81ac3f6685c101ac6d24ee

  • SHA1

    55f65ab9eba155550663354478309bf904b36b3d

  • SHA256

    8d17abeea1bf161db5935c4e59aa03e19e30f5370ac3d6211d780b75639137b7

  • SHA512

    f005f4634efec2812ab859350a0647bde8756225e8236803ab9cd50eadc2e47634d73b65801a5499ce084debda7b2d62210142344b974f0e5379145e3f15374d

  • SSDEEP

    24576:/u0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:m0+BshUC1VzUjjPP0/

Malware Config

Targets

    • Target

      8d17abeea1bf161db5935c4e59aa03e19e30f5370ac3d6211d780b75639137b7

    • Size

      1.2MB

    • MD5

      9c62f894ef81ac3f6685c101ac6d24ee

    • SHA1

      55f65ab9eba155550663354478309bf904b36b3d

    • SHA256

      8d17abeea1bf161db5935c4e59aa03e19e30f5370ac3d6211d780b75639137b7

    • SHA512

      f005f4634efec2812ab859350a0647bde8756225e8236803ab9cd50eadc2e47634d73b65801a5499ce084debda7b2d62210142344b974f0e5379145e3f15374d

    • SSDEEP

      24576:/u0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:m0+BshUC1VzUjjPP0/

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks