General

  • Target

    ade941723c3d6d40c3c5d34efb3e937a15efaacc78463433ecc37d6034034c4d

  • Size

    704KB

  • Sample

    230423-zbc51afg26

  • MD5

    88e6e6babd23c6cde2f247d3ab5e1060

  • SHA1

    3f756ae2d34ae0d53654fffb65a2748513b607e8

  • SHA256

    ade941723c3d6d40c3c5d34efb3e937a15efaacc78463433ecc37d6034034c4d

  • SHA512

    9178a5d8ab087d20e6015048f87c8d0c9ff1e50634f8e097b67397e09c077b52926e259e0341b853f07e813ceace70e141df15f1178d1c9991359d922a6eddfd

  • SSDEEP

    12288:Py90agK/J5JhFRjHY1g6ohhmWeY1dZR4gVHMWCsifKqbDLdMa/yv:PyMKB5JprCfcneaicHpefKq/Ldgv

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
