General

  • Target

    139a0ed4d10304e652e7f18937914bee79ec8cd4fe8d5c0f492aa9d4789d75ce

  • Size

    563KB

  • Sample

    230423-z7w8raga38

  • MD5

    e83c5e0deb1f3f6630e04b7cc141fe6d

  • SHA1

    158ba3471d4e1ef05bec803c80f9aff561dded83

  • SHA256

    139a0ed4d10304e652e7f18937914bee79ec8cd4fe8d5c0f492aa9d4789d75ce

  • SHA512

    bd417735665ca7847797666b1efc54eb38868871c51e8dbd349c8b3f184d1c4f03811405a5254e3cdfeb006a95a408e9cdd4524fdbdae966b3dec76bdeb64367

  • SSDEEP

    12288:Ty90FHycG/zKfIJIGdzK0J4zGMQ2wA7q:TyuHILKf4lFJ4ib2dO

Malware Config

Targets

    • Target

      139a0ed4d10304e652e7f18937914bee79ec8cd4fe8d5c0f492aa9d4789d75ce

    • Size

      563KB

    • MD5

      e83c5e0deb1f3f6630e04b7cc141fe6d

    • SHA1

      158ba3471d4e1ef05bec803c80f9aff561dded83

    • SHA256

      139a0ed4d10304e652e7f18937914bee79ec8cd4fe8d5c0f492aa9d4789d75ce

    • SHA512

      bd417735665ca7847797666b1efc54eb38868871c51e8dbd349c8b3f184d1c4f03811405a5254e3cdfeb006a95a408e9cdd4524fdbdae966b3dec76bdeb64367

    • SSDEEP

      12288:Ty90FHycG/zKfIJIGdzK0J4zGMQ2wA7q:TyuHILKf4lFJ4ib2dO

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
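The behaviour tags above can be re-derived from host or sandbox telemetry. The following Python is an added example, not code from the sandbox or from this report: it runs a small set of rules over a constructed, sandbox-style event trace (process creation, file create/read, registry set/query) and maps what it sees onto the tags listed above, including the dropped-EXE correlation (an executable written to a user-writable path and then started). Only SAMPLE_SHA256 is taken from the report; the trace records, file paths, registry values and the event schema are assumptions made for illustration, and the "Windows security modification" tag is treated as the broader tag that the same Defender registry write also satisfies.

```python
"""
Added example (not part of the sandbox report): derive the report's behaviour
tags from a constructed, sandbox-style event trace. Only SAMPLE_SHA256 comes
from the report; every record, path and registry value below is illustrative.
"""
import re
from collections import defaultdict

SAMPLE_SHA256 = "139a0ed4d10304e652e7f18937914bee79ec8cd4fe8d5c0f492aa9d4789d75ce"

# Registry locations behind the tags (matched case-insensitively).
DEFENDER_RTP = re.compile(
    r"\\windows defender\\real-time protection\\"
    r"(disablerealtimemonitoring|disablebehaviormonitoring|"
    r"disableonaccessprotection|disableioavprotection)$", re.I)
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)
UNINSTALL_KEY = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall", re.I)
# Browser profile artefacts and wallet files that infostealers commonly read.
BROWSER_DATA = re.compile(r"\\(login data|web data|cookies|logins\.json|key4\.db)$", re.I)
WALLET_DATA = re.compile(r"\\(wallet\.dat|exodus\.wallet|electrum\\wallets|ethereum\\keystore)", re.I)
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\(appdata|downloads|desktop)\\", re.I)

# Constructed trace in the order a run would produce it. Schema (assumed):
# process_create{image, sha256}, file_create{path}, file_read{path},
# reg_set{key, data}, reg_query{key}.
SAMPLE_TRACE = [
    {"type": "process_create", "image": r"C:\Users\user\Desktop\sample.exe",
     "sha256": SAMPLE_SHA256},
    {"type": "reg_set", "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
     r"\Real-Time Protection\DisableRealtimeMonitoring", "data": 1},
    {"type": "reg_query", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "file_read", "path": r"C:\Users\user\AppData\Local\Google\Chrome"
     r"\User Data\Default\Login Data"},
    {"type": "file_read", "path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "file_create", "path": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"type": "reg_set", "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc",
     "data": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"type": "process_create", "image": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "sha256": "0" * 64},
    {"type": "file_read", "path": r"C:\Windows\System32\kernel32.dll"},  # benign, no tag
]


def analyze(events):
    """Return {behaviour tag: [evidence, ...]} for a list of trace records."""
    findings = defaultdict(list)
    dropped = set()  # lower-cased paths of executables written during the run
    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                findings["Sample executed"].append(ev["image"])
            # Dropped-EXE correlation: a file_create of this path must precede the start.
            if ev["image"].lower() in dropped:
                findings["Executes dropped EXE"].append(ev["image"])
        elif kind == "file_create":
            path = ev["path"]
            if path.lower().endswith(".exe") and USER_WRITABLE.match(path):
                dropped.add(path.lower())
        elif kind == "file_read":
            path = ev["path"]
            if BROWSER_DATA.search(path):
                findings["Reads user/profile data of web browsers"].append(path)
            if WALLET_DATA.search(path):
                findings["Accesses cryptocurrency files/wallets"].append(path)
        elif kind == "reg_set":
            key = ev["key"]
            if DEFENDER_RTP.search(key) and ev.get("data") == 1:
                findings["Modifies Windows Defender Real-time Protection settings"].append(key)
                findings["Windows security modification"].append(key)
            if RUN_KEY.search(key):
                findings["Adds Run key to start application"].append(f"{key} = {ev.get('data')}")
        elif kind == "reg_query":
            if UNINSTALL_KEY.search(ev["key"]):
                findings["Checks installed software on the system"].append(ev["key"])
    return dict(findings)


if __name__ == "__main__":
    for tag, evidence in analyze(SAMPLE_TRACE).items():
        print(f"{tag}: {evidence}")
```

The dropped-EXE rule only fires when the file_create precedes the process_create, so the trace must be in execution order; a production version would also key on the process that wrote the file, and the Defender rule would additionally check the non-policy key under HKLM\SOFTWARE\Microsoft\Windows Defender, which the same regex already covers.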

MITRE ATT&CK Enterprise v6

Tasks