General

  • Target

    c866aa8fc59fa0c9435e3761181926e848c9f134e608d028e6b218d90463ca99

  • Size

    564KB

  • Sample

    230423-zc5awahd4v

  • MD5

    b1185d13e4e5f60c02b0ff5c3e59aa76

  • SHA1

    b0d037660fe8dca3f859f80c61f531d3cdf6537b

  • SHA256

    c866aa8fc59fa0c9435e3761181926e848c9f134e608d028e6b218d90463ca99

  • SHA512

    a09723a8a7f5f794b6bb6402bfec71b6c2cef6dcc2ece1c9c0af1aac91bbc4530c2383a7f2ee9c20589548441071491efc7471031c99b67ddd08200d2e956c5f

  • SSDEEP

    12288:Jy90DqK74zYMsO6Z01r+KKMk44hjH2rwCeitKWFghmWlxl:Jy+N74rG0gKb/gz2MItKWonl

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data from the user's profile directory, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in the registry to list the software installed on the system.
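
The signatures above describe host behaviour a sandbox observes; the following is an added example (not code from the sandbox or from this report) of how three of them translate into detection logic over Sysmon-style telemetry: "Executes dropped EXE" (a FileCreate followed by a ProcessCreate of the same path), "Adds Run key to start application" (a registry value set under a Run/RunOnce key) and "Modifies Windows Defender Real-time Protection settings" (a Real-Time Protection policy value set to 1). The events are constructed for illustration; the event IDs and field names (EventID, Image, TargetFilename, TargetObject, Details) follow Sysmon's schema, while the registry paths the rules key on are this example's own assumptions about what the report's signatures match. Read-only activity such as Uninstall-key enumeration or browser-profile reads is not visible in these event types and is left out.

```python
"""Replay constructed Sysmon-style events against simple rules for the
behaviours listed in the sandbox report. Added example, not the sandbox's
own signature logic."""
import re

# Sysmon event IDs: 1 = ProcessCreate, 11 = FileCreate, 13 = RegistryEvent (value set)
PROCESS_CREATE, FILE_CREATE, REG_VALUE_SET = 1, 11, 13

# Assumed key paths for the rules (not taken from the report).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DEFENDER_RTP_RE = re.compile(
    r"\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableIOAVProtection|DisableOnAccessProtection)$", re.I)


def detect(events):
    """Return (signature, evidence) tuples in the order the behaviours occur.

    'Executes dropped EXE' fires only when a ProcessCreate's Image matches a
    path seen earlier in a FileCreate, so a user-launched download is not flagged.
    """
    hits = []
    dropped = set()
    for ev in events:
        eid = ev["EventID"]
        if eid == FILE_CREATE:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == PROCESS_CREATE:
            image = ev["Image"]
            if image.lower() in dropped:
                hits.append(("Executes dropped EXE", image))
        elif eid == REG_VALUE_SET:
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target):
                hits.append(("Adds Run key to start application", target))
            elif (DEFENDER_RTP_RE.search(target)
                  and ev.get("Details") == "DWORD (0x00000001)"):
                hits.append(
                    ("Modifies Windows Defender Real-time Protection settings",
                     target))
    return hits


# Constructed events: the paths, SID and names are made up for illustration.
TMP_EXE = "C:\\Users\\victim\\AppData\\Local\\Temp\\svchost32.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},           # user-launched, not dropped
    {"EventID": 11, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe",
     "TargetFilename": TMP_EXE},                             # payload written to %TEMP%
    {"EventID": 1, "Image": TMP_EXE,
     "ParentImage": "C:\\Users\\victim\\Downloads\\invoice.exe"},
    {"EventID": 13, "Image": TMP_EXE,
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft"
                     "\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": TMP_EXE},
    {"EventID": 13, "Image": TMP_EXE,
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
                     "\\Real-Time Protection\\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": "C:\\Program Files\\Foo\\setup.exe",    # benign installer noise
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
                     "\\Uninstall\\Foo\\DisplayName",
     "Details": "Foo 1.0"},
]

if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

The Defender rule deliberately requires the value to be set to 1; a policy write that re-enables protection (value 0) is not a finding, and the dropped-then-executed correlation keeps ordinary downloads run by the user out of the results.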

MITRE ATT&CK Enterprise v6

Tasks