General

  • Target

    f1da6b6c4a051a95e98e58a9824e0a77c7b7c0485c1189134dd1733325af6ca9

  • Size

    1.2MB

  • Sample

    230423-z6wktshe7z

  • MD5

    2d29714d25acbdd31d4ab8ea4490d193

  • SHA1

    fe5a7bddf8e86ed52def8d5f6fa95f77198fd4a4

  • SHA256

    f1da6b6c4a051a95e98e58a9824e0a77c7b7c0485c1189134dd1733325af6ca9

  • SHA512

    0ca871459be306638a2de21c91292ceb08099cfaa54763be4e49827fc3643b6e6e5f19046f31bae64e2a867f36b146380d68498f9dd6a8641223927492e5779b

  • SSDEEP

    24576:Ou0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:D0+BshUC1VzUjjPP0/

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks