General

  • Target

    d1e321abe47ee4cecad4964ae923ebad75196ca0653e076d0775ab541bddcd7f

  • Size

    703KB

  • Sample

    230423-zeat2shd4x

  • MD5

    4314ef6fbca15e3f6dd77681ba5db221

  • SHA1

    222d776e3e4fe3b4700ff0d1a6e92dec5deb05b2

  • SHA256

    d1e321abe47ee4cecad4964ae923ebad75196ca0653e076d0775ab541bddcd7f

  • SHA512

    1558af2eeb965e45cb1698b86abfaa2d45c9fa4d6827a89e9fa16599564efb4754dc00b8a33c11ffe5892f99a222c363b823f68ba0e45220aab39a3a474cb04f

  • SSDEEP

    12288:Ny909GMJbbHiAsXsoPVZcD0FWvvkIXX5WUbTMWCEinKDOiDF6:NyUGMFG/XsoN+DKWnkIHkCTp2nKDnA

Malware Config

Targets

    • Target

      d1e321abe47ee4cecad4964ae923ebad75196ca0653e076d0775ab541bddcd7f

    • Size

      703KB

    • MD5

      4314ef6fbca15e3f6dd77681ba5db221

    • SHA1

      222d776e3e4fe3b4700ff0d1a6e92dec5deb05b2

    • SHA256

      d1e321abe47ee4cecad4964ae923ebad75196ca0653e076d0775ab541bddcd7f

    • SHA512

      1558af2eeb965e45cb1698b86abfaa2d45c9fa4d6827a89e9fa16599564efb4754dc00b8a33c11ffe5892f99a222c363b823f68ba0e45220aab39a3a474cb04f

    • SSDEEP

      12288:Ny909GMJbbHiAsXsoPVZcD0FWvvkIXX5WUbTMWCEinKDOiDF6:NyUGMFG/XsoN+DKWnkIHkCTp2nKDnA

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks