General

  • Target

    8251e1eea261dc7fc85ad64d38d4b412b0e8891f07fe5585a56cd8fa094b7ea1

  • Size

    1.2MB

  • Sample

    230423-zb245afg28

  • MD5

    a9bea2bef8ea36ec0459cf385a89b40c

  • SHA1

    890e795dea2ff21937b3f6096f523856f22f552a

  • SHA256

    8251e1eea261dc7fc85ad64d38d4b412b0e8891f07fe5585a56cd8fa094b7ea1

  • SHA512

    b5f567d95bd8b6ad8644f8f7ddad0f1f4d91146aa392c07c1b36bb00bb285f4ab83047f4dfa815305f501b2f5c0b34257679dc199188b087c69bbebd0aaa0325

  • SSDEEP

    24576:L8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:wKoyI1EQVazy0RIk4vkoFHe
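The Target identifier above is the sample's SHA256, and the other digests let you confirm you are holding the same file before detonating or reversing it. The following added example (not part of the report) computes MD5, SHA1, SHA256 and SHA512 in one pass over a local file and compares them with the values copied from the General section; SSDEEP is left out because it needs a third-party library rather than the standard library.

```python
"""Verify that a local file is the sample this report describes.

Added example, not part of the report: it computes the digests listed in
the General section (MD5, SHA1, SHA256, SHA512) in a single pass over the
file and compares them with the values copied from the report.
"""
import hashlib
import io

DIGESTS = ("md5", "sha1", "sha256", "sha512")

# Values copied from the General section of this report.
REPORT = {
    "md5": "a9bea2bef8ea36ec0459cf385a89b40c",
    "sha1": "890e795dea2ff21937b3f6096f523856f22f552a",
    "sha256": "8251e1eea261dc7fc85ad64d38d4b412b0e8891f07fe5585a56cd8fa094b7ea1",
    "sha512": "b5f567d95bd8b6ad8644f8f7ddad0f1f4d91146aa392c07c1b36bb00bb285f4ab83047f4dfa815305f501b2f5c0b34257679dc199188b087c69bbebd0aaa0325",
}


def fingerprint(stream, chunk_size=1 << 20):
    """Return {digest name: hexdigest, "size": byte count} for a binary stream, reading it once."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    size = 0
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["size"] = size
    return out


def fingerprint_bytes(data):
    """Convenience wrapper for in-memory data (used by the checks below)."""
    return fingerprint(io.BytesIO(data))


def mismatches(actual, expected):
    """Names of the digests in `expected` that do not match `actual` (case-insensitive)."""
    return sorted(n for n, v in expected.items()
                  if str(actual.get(n, "")).lower() != v.lower())


def check_file(path, expected=REPORT):
    """Raise if `path` is not the file the report describes; otherwise return its fingerprint."""
    with open(path, "rb") as f:
        actual = fingerprint(f)
    bad = mismatches(actual, expected)
    if bad:
        raise ValueError(f"{path}: digest mismatch for {', '.join(bad)}; "
                         "this is not the sample the report describes")
    return actual


if __name__ == "__main__":
    import sys
    fp = check_file(sys.argv[1])
    print(f"OK: {sys.argv[1]} ({fp['size']} bytes) matches; Target id = {fp['sha256']}")
```

Run it as `python verify.py <sample>`; a mismatch on any one digest is treated as a different file, since a collision on all four at once is not something a renamed or repacked sample will produce by accident.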

Malware Config

Targets

    • Target

      8251e1eea261dc7fc85ad64d38d4b412b0e8891f07fe5585a56cd8fa094b7ea1

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials, cookies and session tokens, autofill entries and browsing history.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
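Each signature above is a pattern over the sample's registry and file activity, and two of them (executing and loading dropped files) depend on what the sample wrote earlier in the run. The following added example is not part of the report and not the sandbox's own detection logic: it replays a constructed behaviour trace against rules that approximate each listed signature. The registry keys and file paths in the rules (the Defender policy key, the Run key, the Uninstall key, Chrome's Login Data and Firefox's logins.json, common wallet files) are assumptions about where these artefacts typically live.

```python
"""Replay a behaviour trace against the signatures this report lists.

Added example; the trace is constructed for illustration and is not the
sample's recorded activity. The key and file patterns in the rules are
assumptions about what each signature looks for, not the sandbox's rules.
"""
import re

# Constructed trace: one dict per operation, in the order they happened.
TRACE = [
    {"op": "WriteFile",     "path": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"op": "WriteFile",     "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"op": "CreateProcess", "path": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"op": "LoadImage",     "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"op": "LoadImage",     "path": r"C:\Windows\System32\kernel32.dll"},
    {"op": "RegSetValue",
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "name": "DisableRealtimeMonitoring", "data": 1},
    {"op": "RegSetValue",
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "name": "Updater", "data": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"op": "RegEnumKey",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "ReadFile",
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "ReadFile",
     "path": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
]

# Stateless rules: (signature, operations it applies to, event field, regex).
# Paths are assumed typical locations, not values taken from the report.
RULES = [
    ("Modifies Windows Defender Real-time Protection settings",
     {"RegSetValue"}, "key", r"\\Windows Defender\\Real-Time Protection$"),
    ("Windows security modification",
     {"RegSetValue"}, "key", r"\\Policies\\Microsoft\\Windows Defender\\"),
    ("Adds Run key to start application",
     {"RegSetValue"}, "key", r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$"),
    ("Checks installed software on the system",
     {"RegOpenKey", "RegEnumKey", "RegQueryValue"}, "key",
     r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall"),
    ("Reads user/profile data of web browsers",
     {"ReadFile"}, "path",
     r"\\Google\\Chrome\\User Data\\.*\\Login Data$|\\Mozilla\\Firefox\\Profiles\\.*\\logins\.json$"),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     {"ReadFile"}, "path",
     r"\\wallet\.dat$|\\Exodus\\exodus\.wallet\\|\\Electrum\\wallets\\"),
]
COMPILED = [(sig, ops, field, re.compile(pat, re.IGNORECASE))
            for sig, ops, field, pat in RULES]


def evaluate(trace):
    """Return {signature: [indices of the events that triggered it]}."""
    hits = {}
    dropped = set()  # files the sample itself wrote, for the two stateful rules
    for i, ev in enumerate(trace):
        op = ev["op"]
        if op == "WriteFile":
            dropped.add(ev["path"].lower())
            continue
        # Stateful rules: something the sample dropped is later run or loaded.
        if op == "CreateProcess" and ev["path"].lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(i)
        if op == "LoadImage" and ev["path"].lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(i)
        # Stateless rules: match the event's key or path against each pattern.
        for sig, ops, field, rx in COMPILED:
            if op in ops and rx.search(ev.get(field, "")):
                hits.setdefault(sig, []).append(i)
    return hits


if __name__ == "__main__":
    for sig, idx in evaluate(TRACE).items():
        print(sig)
        for i in idx:
            print("   ", TRACE[i])
```

The ordering matters for the stateful rules: a LoadImage of a system DLL never fires, and a dropped file only counts once the trace shows the sample writing it first. When adapting this to real sandbox or Sysmon output, the event field names will differ, but the split between path-pattern rules and write-then-use rules is what the listed signatures boil down to.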

MITRE ATT&CK Enterprise v6

Tasks