General

  • Target

    adbe2cb0e0817725bb2ef46a449cf089c6c6e15c8c5c4989dc02d3ddeb52da30

  • Size

    564KB

  • Sample

    230423-z6csqahe7w

  • MD5

    7c378f461dd3e61265f9ce1b78dd24a0

  • SHA1

    309d8f321ca67738d0471e5d3b11fd6e87cbc5f0

  • SHA256

    adbe2cb0e0817725bb2ef46a449cf089c6c6e15c8c5c4989dc02d3ddeb52da30

  • SHA512

    898bdd769be2232a55a839c9dba551931233fef30b81608c11bd9cf38e3f6b67146e143e0ed3bdbeaeddc26d82312b61c061abf6ff5005429cb467c85197606c

  • SSDEEP

    12288:iy90XhOpA6+8ycbGLBQITQzl0V3CnM8BTZh6ghd4:iybm7cCF7ceV3uTBTZAd

Malware Config

Targets

    • Target

      adbe2cb0e0817725bb2ef46a449cf089c6c6e15c8c5c4989dc02d3ddeb52da30

    • Size

      564KB

    • MD5

      7c378f461dd3e61265f9ce1b78dd24a0

    • SHA1

      309d8f321ca67738d0471e5d3b11fd6e87cbc5f0

    • SHA256

      adbe2cb0e0817725bb2ef46a449cf089c6c6e15c8c5c4989dc02d3ddeb52da30

    • SHA512

      898bdd769be2232a55a839c9dba551931233fef30b81608c11bd9cf38e3f6b67146e143e0ed3bdbeaeddc26d82312b61c061abf6ff5005429cb467c85197606c

    • SSDEEP

      12288:iy90XhOpA6+8ycbGLBQITQzl0V3CnM8BTZh6ghd4:iybm7cCF7ceV3uTBTZAd

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks