General

  • Target

    648293940f546cbc4e5c92b63e426c62f9e068ebe63b1b72c947501d33b71530

  • Size

    704KB

  • Sample

    230423-z6c4gshe7x

  • MD5

    ed8e9335602f5b041999315ba285f5e4

  • SHA1

    b880c513dc5cf9342ee17a1b352ed1588cacf5e1

  • SHA256

    648293940f546cbc4e5c92b63e426c62f9e068ebe63b1b72c947501d33b71530

  • SHA512

    1b537531b0e51f92799a069995556f8537fef8ce5871e8bddb13bb09bd1570e78aefb679f449df8a72c52f21ade64482c75a0f65c3c7f0d2b5e356c019e470ee

  • SSDEEP

    12288:Wy90OQ/aCCXHGTIVDQQu8tc7AT4JGUDlbcmR33UlI1qzCtPIzmMCJ/K4CzAfec:WyhJmTIVs9yc0cIU2a3JCwPI6Jpec

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6
