General

  • Target

    abfc8a2793a05632da1b9af386c30f719425f1921c944eb55007f3d0b1c5d2f9

  • Size

    703KB

  • Sample

    230423-zadedaff99

  • MD5

    4603ace63a09e3b9f5a10402c5f56248

  • SHA1

    67bf1e675fbd9c1955a3d9fe9d5f4611b75ce647

  • SHA256

    abfc8a2793a05632da1b9af386c30f719425f1921c944eb55007f3d0b1c5d2f9

  • SHA512

    b5a520887d8034faf231aed6d41311a9a9e1003c20eeb2bd13f2f1636181d5c1cb298fdd72330f46f47c018a7e8540cc51d87a2cdb49d20caa68e0c1422b7db3

  • SSDEEP

    12288:ly90caVWfIyWNWjPaGiAOMb7SVaC2pJIKlexoMGMWC2iCKQq3eeu6qEi:ly1aVWQy48vvMYJIgGxGpECKQseeuTEi

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks