General

  • Target

    f9d572ff08847bba98955e339889922ad1cc372ad865811b6ab7158b5e3ca7ee

  • Size

    564KB

  • Sample

    230423-z5a8hahe61

  • MD5

    b60f0882fcf360926ef05517aeed1328

  • SHA1

    27a0782c08f5f369bae3dcfeebedbfc7cca99949

  • SHA256

    f9d572ff08847bba98955e339889922ad1cc372ad865811b6ab7158b5e3ca7ee

  • SHA512

    95e1c453a273c05a31bf4bff968d8dfdc9f3c0862e44c71a9ca945241227f9249cc3607fc06bd3587c1e1ddbcbede4f956036c31c1877f84110123acddee6e5a

  • SSDEEP

    12288:3y90+2GufqlW6moM45ROEcI04zE0HGznM8dFcDgyXRr0:3y2GufqYwpRTAkrHGjrdFcXRr0

Malware Config

Targets


    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks