General

  • Target

    0e3e54195e61f73660291064442be75fd4b6b48bf0c07a8ebb08f3d5a8ef98c1

  • Size

    704KB

  • Sample

    230423-z8cwhahe8w

  • MD5

    2a58025e1e976b3ff7f01e5c4821764c

  • SHA1

    276fd3b973d16cedd6204ecb8392ebc54737fbdf

  • SHA256

    0e3e54195e61f73660291064442be75fd4b6b48bf0c07a8ebb08f3d5a8ef98c1

  • SHA512

    4945f6f9cc1aa6ae16e8f843888baa5452128c6a7fea6e3a632a2e14a0fbe96b6bb09244ce9727bf70cc394d461805ae080fdae6529bf5a636c52c779985c312

  • SSDEEP

    12288:Sy90yM+cqk8RFzGVa0kNTvjAGkDmB2pJNFp4VpqI1EzCakIzzMqs/KcAIyliedJJ:SyrM+cY3yVa0UpkOyjEVZQPkIHJbz0eV

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
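
Three of the behaviours above (the Defender Real-time Protection change, the Run key, and execution of a dropped EXE) can be re-derived from ordinary host telemetry rather than only from the sandbox. The following is an added example and is not part of the sandbox report or its tooling: a small Python detector that raises those signatures from Sysmon-style events. The registry locations are the standard Windows paths; every event record, file name, process name and SID in it is constructed for the example and does not come from the analysed sample.

```python
"""Added example (not from the sandbox report): raise the behavioural
signatures above from Sysmon-style events.

Field names follow Sysmon's ProcessCreate (ID 1), FileCreate (ID 11) and
RegistryEvent SetValue (ID 13) schemas. Registry locations are the standard
Windows paths; every event, file name and SID below is constructed for this
example and does not come from the analysed sample.
"""
from __future__ import annotations

import fnmatch

# Standard locations the rules key on (well-known Windows paths, not report data).
RUN_KEY_PATTERNS = (
    "HK*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\*",
    "HK*\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\*",
)
DEFENDER_RTP_PATTERN = (
    "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\*"
)

SIG_DROPPED_EXE = "Executes dropped EXE"
SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUN_KEY = "Adds Run key to start application"

# Constructed Sysmon-like trace, in the order a sandbox would record it.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": "C:\\Users\\victim\\Downloads\\sample.exe",
     "TargetFilename": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"},
    {"EventID": 1, "ParentImage": "C:\\Users\\victim\\Downloads\\sample.exe",
     "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
                     "\\Real-Time Protection\\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows"
                     "\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"},
    # Unrelated registry write: exercises the negative path of both registry rules.
    {"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows"
                     "\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def _matches(path: str, patterns) -> bool:
    """Case-insensitive glob match; fnmatch treats backslashes literally, so
    registry paths need no escaping."""
    path = path.lower()
    return any(fnmatch.fnmatchcase(path, p.lower()) for p in patterns)


def detect(events) -> list[tuple[str, str]]:
    """Return (signature, evidence) pairs in event order."""
    findings: list[tuple[str, str]] = []
    dropped: set[str] = set()  # files written during the trace (lower-cased)
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:
            # A process whose image file was created earlier in this trace.
            if ev["Image"].lower() in dropped:
                findings.append((SIG_DROPPED_EXE, ev["Image"]))
        elif eid == 13 and ev.get("EventType") == "SetValue":
            target = ev["TargetObject"]
            if _matches(target, (DEFENDER_RTP_PATTERN,)):
                findings.append((SIG_DEFENDER, f"{target} = {ev['Details']}"))
            if _matches(target, RUN_KEY_PATTERNS):
                findings.append((SIG_RUN_KEY, f"{target} = {ev['Details']}"))
    return findings


if __name__ == "__main__":
    for sig, evidence in detect(SAMPLE_EVENTS):
        print(f"[{sig}] {evidence}")
```

The Run-key and Defender writes surface as Sysmon Event ID 13 SetValue records; the dropped-EXE rule correlates a FileCreate (ID 11) with a later ProcessCreate (ID 1) of the same path. The remaining signatures in the list (Uninstall-key lookup, browser profile reads, wallet file access) are reads, which Sysmon does not record at all; the sandbox observes them through API monitoring, so on a live host they need object-access auditing or an EDR hooking agent rather than this log source.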

MITRE ATT&CK Enterprise v6