General

  • Target

    5fd2552273a17b609c9d1e08126ce606f4507dd7b89d18fa3bbbfa1f0722b613

  • Size

    563KB

  • Sample

    230423-zaacqaff96

  • MD5

    f2eac5efe32fb88c5d3e7c6d7e8b56d4

  • SHA1

    51d0d0ef22131b916c912cc01760a9d89f67b8e6

  • SHA256

    5fd2552273a17b609c9d1e08126ce606f4507dd7b89d18fa3bbbfa1f0722b613

  • SHA512

    6bb372055feb5436d4089bd6ba71ade23dc97270c88c9f6a10bd6c7315767889114be6a314e62d12c2f0f3e9aeae63153ab2b91343040505f76f31a31285348a

  • SSDEEP

    12288:wy90V6dlIQ3D9lsVdJDxDI6Koh8H2sfCeigK0LHI3E+oF:wyoMpcdbDIlQC2WIgKIgE+oF

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks