General

  • Target

    4772fca31ff28ba2a8d0afbc0653433ace17ba7f067ac70c8e932ac3ab06b8a4

  • Size

    563KB

  • Sample

    230423-z7e98sga37

  • MD5

    ae7204e6b250ac4304af1de7068286b1

  • SHA1

    3016d1a84d8af4c5594d1b30a164feaa08096092

  • SHA256

    4772fca31ff28ba2a8d0afbc0653433ace17ba7f067ac70c8e932ac3ab06b8a4

  • SHA512

    afb8f783c0c21a1e826c9b8af8988ff113dd60153817ab3d64c189c3d77947aeb79ee527b32033043a7cb347847ed808025735abfab920d413d0c51a3e7a22f3

  • SSDEEP

    12288:sy907HXIYlPAKtmX/rIEYzL0eq4nMfATYkUUUpS+P:syq4ikHEoeqIMyYOw

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks