General

  • Target

    b1814ded70eec86325194a49043c8d5a6f324a5f9cfe161969176c1fee8b6a0f

  • Size

    704KB

  • Sample

    230423-z7swbshe8t

  • MD5

    e0a4f9560216fcfdf3c0f149787a131a

  • SHA1

    98b9773f95bdaae13347bd1d6e665642d446e7a9

  • SHA256

    b1814ded70eec86325194a49043c8d5a6f324a5f9cfe161969176c1fee8b6a0f

  • SHA512

    efc43d96c0e296f49c9b471d3611eb94aa782c201fcc4229ed5585ba9ac0cc0c545b63bfd7f73d430f0a4a54ef7e8f8ba9472b4c2a4ed0deafac168ee5cef66b

  • SSDEEP

    12288:hy90GEoHT9MSRUo9xETEjrGYVuwpVbKbVwfM8KI1qzCYTIzYMGM/KN2Yxvb6I:hypSo9xfjrG4PzKbufJCFTIsxJB

Malware Config

Targets

    • Target

      b1814ded70eec86325194a49043c8d5a6f324a5f9cfe161969176c1fee8b6a0f

    • Size

      704KB

    • MD5

      e0a4f9560216fcfdf3c0f149787a131a

    • SHA1

      98b9773f95bdaae13347bd1d6e665642d446e7a9

    • SHA256

      b1814ded70eec86325194a49043c8d5a6f324a5f9cfe161969176c1fee8b6a0f

    • SHA512

      efc43d96c0e296f49c9b471d3611eb94aa782c201fcc4229ed5585ba9ac0cc0c545b63bfd7f73d430f0a4a54ef7e8f8ba9472b4c2a4ed0deafac168ee5cef66b

    • SSDEEP

      12288:hy90GEoHT9MSRUo9xETEjrGYVuwpVbKbVwfM8KI1qzCYTIzYMGM/KN2Yxvb6I:hypSo9xfjrG4PzKbufJCFTIsxJB

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks