General

  • Target

    ddf70b408d5d5d458e6ca0105baf0d01fe8c08931125e643c221aac0523855a4

  • Size

    704KB

  • Sample

    230423-z6mmxsga27

  • MD5

    b014f3a842b2c30f422d3daed873a894

  • SHA1

    932b4a82baa4b2c08cc43732a80f521be47a6988

  • SHA256

    ddf70b408d5d5d458e6ca0105baf0d01fe8c08931125e643c221aac0523855a4

  • SHA512

    1b29aa2c1967211a44e309c1e54258db00af20a1893cc00f4bdb4b4ce84557fce968cdbd5aebaf2a86aa4e0419bafed0f4867a053bca1b637ec022b461ca1fbd

  • SSDEEP

    12288:gy9082ERD9slx9jBWDufp14vZv8OJnHbcWI1QzCqHIzYMf9/rx5urDxFV6xC:gy47VBsCp1Yv97ccDHIkUcMM

Targets

    • Target

      ddf70b408d5d5d458e6ca0105baf0d01fe8c08931125e643c221aac0523855a4

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the program is launched again at logon (persistence).

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

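The two behaviours above that leave host-visible state, the Defender real-time protection change and the Run key entry, can be checked on a suspect machine with the PowerShell below. This is an added triage script for this report, not output of the sandbox; it assumes a Windows host with the Defender module available, and it carries the sample's SHA-256 from the General section so that any Run-key target with that hash is flagged.

```powershell
# Added host triage for the behaviours listed in this report (not sandbox output).
# Assumes a Windows host with the Defender PowerShell module (Get-MpPreference).
$SampleSha256 = 'ddf70b408d5d5d458e6ca0105baf0d01fe8c08931125e643c221aac0523855a4'

# 1. Defender real-time protection: the live preference and the policy key that
#    overrides it. A sample that "modifies Real-time Protection settings" usually
#    leaves one of these DWORDs set to 1.
Write-Host '== Defender real-time protection =='
$pref = Get-MpPreference
[PSCustomObject]@{
    DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
    DisableBehaviorMonitoring = $pref.DisableBehaviorMonitoring
    DisableIOAVProtection     = $pref.DisableIOAVProtection
} | Format-List

$rtpPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
if (Test-Path $rtpPolicy) {
    Write-Host "Policy key present: $rtpPolicy"
    Get-ItemProperty -Path $rtpPolicy |
        Select-Object DisableRealtimeMonitoring, DisableBehaviorMonitoring, DisableIOAVProtection |
        Format-List
}

# 2. Run keys: enumerate every value, resolve the executable it points at and
#    hash it, flagging a match against the sample's SHA-256.
function Get-RunKeyEntries {
    param([string]$MatchSha256)

    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, PSChildName, PSDrive,
            # PSProvider; skip those and keep the real registry values.
            if ($p.Name -like 'PS*') { continue }

            # Pull the executable out of a command line that may be quoted or
            # carry arguments. Unquoted paths containing spaces are cut at the
            # first space; inspect those by hand.
            $cmd = [string]$p.Value
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            $hash = if (Test-Path -LiteralPath $exe) {
                (Get-FileHash -Algorithm SHA256 -LiteralPath $exe).Hash.ToLower()
            } else { '<missing>' }

            [PSCustomObject]@{
                Key     = $key
                Name    = $p.Name
                Command = $cmd
                Exe     = $exe
                Sha256  = $hash
                Match   = ($hash -eq $MatchSha256)
            }
        }
    }
}

Write-Host '== Run key entries =='
Get-RunKeyEntries -MatchSha256 $SampleSha256 | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys and any executable dropped under a protected path are readable. A `Match` of True ties a persistence entry directly to this sample; a `<missing>` hash means the Run value points at a file that is no longer on disk, which is itself worth noting because the dropped EXE may have been deleted after execution.
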