General

  • Target

    70be6777cd1d2ee3c661666ced653ad1dd04f94eac6a6c270f95110fa38af05e

  • Size

    1.2MB

  • Sample

    230423-z872mshe8z

  • MD5

    63c1917a202ab5271a54a56f159792a6

  • SHA1

    9e5e0a5e709c9dba1696f3c80812eea11e27a5bb

  • SHA256

    70be6777cd1d2ee3c661666ced653ad1dd04f94eac6a6c270f95110fa38af05e

  • SHA512

    e3bd80bb24a7394da3f92954846973391b9fdc45783cf3bbae629a40a8b7ffd805245f36bc29441e101aefe90f2a7e5431f362aba7ea3873df58c39b1fc8c5fe

  • SSDEEP

    24576:mu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:70+BshUC1VzUjjPP0/

Malware Config

Targets

    • Target

      70be6777cd1d2ee3c661666ced653ad1dd04f94eac6a6c270f95110fa38af05e

    • Size

      1.2MB

    • MD5

      63c1917a202ab5271a54a56f159792a6

    • SHA1

      9e5e0a5e709c9dba1696f3c80812eea11e27a5bb

    • SHA256

      70be6777cd1d2ee3c661666ced653ad1dd04f94eac6a6c270f95110fa38af05e

    • SHA512

      e3bd80bb24a7394da3f92954846973391b9fdc45783cf3bbae629a40a8b7ffd805245f36bc29441e101aefe90f2a7e5431f362aba7ea3873df58c39b1fc8c5fe

    • SSDEEP

      24576:mu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:70+BshUC1VzUjjPP0/

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks