General

  • Target

    dd5101030f15ee37924d09cda2c7f5713528e5bc3b190b29b06ce46fcb7f9d68

  • Size

    1.2MB

  • Sample

    230423-zd5m2afg45

  • MD5

    111c5f07d973e4ebbcfbb4f0772ae37e

  • SHA1

    cac8771863884d7053bb31a33c4e0a57765ac2f3

  • SHA256

    dd5101030f15ee37924d09cda2c7f5713528e5bc3b190b29b06ce46fcb7f9d68

  • SHA512

    68510c40a4540c4dc8a145416c4a3e91e7388a235b286c75d253471cd8fafa94d5a2576d2f638ff330ad4b24f256a8a8332ec5c41716fe96e00e7d6c527652d8

  • SSDEEP

    24576:C8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:XKoyI1EQVazy0RIk4vkoFHe

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
