General

  • Target: 7f127cd3338bace4a0c313b29b91f3bbbb34be9242d085f289353e20094e41e2

  • Size: 1.2MB

  • Sample: 230423-zes1mahd4z

  • MD5: c919f169533c592105bc0a8550a5e3c2

  • SHA1: c1b701627a0be18c69bb0887b9536a9f5e8d8bb5

  • SHA256: 7f127cd3338bace4a0c313b29b91f3bbbb34be9242d085f289353e20094e41e2

  • SHA512: 0c4a5dd14d15a81d9eddbb75977f43cd5215b0ef2b51935e56051846eab5b4272f223ba0def01c35144d43dc8aaea73a1bcf3d726480b475916d84cf89c509f6

  • SSDEEP: 24576:D8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:YKoyI1EQVazy0RIk4vkoFHe

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
