General

  • Target

    5863e91f5c2d00c4bab113e7c9bdd15465228e72d78f5c753b3999d33d56951b

  • Size

    703KB

  • Sample

    230423-z9t66she9s

  • MD5

    21aa81a0be40dfa16eacbaeede1a610f

  • SHA1

    b4af6b104946659de2170d41a264d85a50a15463

  • SHA256

    5863e91f5c2d00c4bab113e7c9bdd15465228e72d78f5c753b3999d33d56951b

  • SHA512

    61b27f1e97b952dbe145e8d113659fe477d9e7fdc191aae3eb4a1a78846e82f349e1a65eb9e82a8f2575a5ba471d650cbf395561f43db1268e5ffb960be70d61

  • SSDEEP

    12288:Xy900G2eqs4lEv0++C72uYYXGn60tMI1hzCunIzAM1m/KJMl:XyW2eqXiNY60bJjnIkqXq

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks