General

  • Target

    c2ac5c3694e83fe2ea538753fef20a1830cf176a227346cb66efaa56b82c53cc

  • Size

    563KB

  • Sample

    230423-zevjfshd41

  • MD5

    350f84340198cfdd57f3a718dda0eea1

  • SHA1

    3952cefed16f542fc6d0da48508626640fcd46b0

  • SHA256

    c2ac5c3694e83fe2ea538753fef20a1830cf176a227346cb66efaa56b82c53cc

  • SHA512

    2c1795198232898b74c18f1d6806dfd263da18067ead6b4b07d03ea5a8f895b4d49cea485b4d6df1ae7fc0bf1a636e1be0818bd343ff418ec8afaf335298b175

  • SSDEEP

    12288:1y90qeG5yV6ZQYDI9kVhgH26rCeiXKRpG4SKzUvU:1yJe+XDI6Xm2WIXKRpNOU

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data (saved logins, cookies and session tokens, autofill and payment entries) from the user's profile directory.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
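
The signatures above name concrete registry keys and file locations, so a hunter can check for them directly rather than relying on the sandbox verdict. The Python below is an added example, not part of the sandbox report or its tooling: it first confirms that a file's digests match the MD5/SHA1/SHA256 given in the General section, then classifies a simplified event trace against the listed behaviours. The event schema (kinds `reg_set`, `reg_query`, `file_write`, `file_read`, `proc_create`) and the sample events are constructed assumptions, not sandbox output; the registry paths are the real Windows locations, while the browser and wallet artefact patterns are a representative subset, not an exhaustive list.

```python
"""Triage helpers for the sandbox report above: confirm a file is the
reported sample, then hunt its listed behaviours in an event trace.
Added example; the event schema and SAMPLE_EVENTS are constructed."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "350f84340198cfdd57f3a718dda0eea1",
    "sha1": "3952cefed16f542fc6d0da48508626640fcd46b0",
    "sha256": "c2ac5c3694e83fe2ea538753fef20a1830cf176a227346cb66efaa56b82c53cc",
}


def hashes_of(data: bytes) -> dict:
    """Compute the same digests the report lists, for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every reported digest matches; one mismatch means this
    is not the analysed sample (or the report was altered in transit)."""
    return hashes_of(data) == REPORT_HASHES


# Registry/file patterns behind each signature. DWORD 1 under these
# Defender values disables the corresponding real-time component.
DEFENDER_RTP = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableOnAccessProtection|DisableIOAVProtection)$", re.I)
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
UNINSTALL_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
BROWSER_DATA = re.compile(  # representative subset of credential stores
    r"\\(Google\\Chrome\\User Data|Microsoft\\Edge\\User Data|Mozilla\\Firefox\\Profiles)\\"
    r".*\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I)
WALLET_DATA = re.compile(  # representative subset of wallet locations
    r"\\(Exodus\\exodus\.wallet|Electrum\\wallets|Ethereum\\keystore|"
    r"Bitcoin\\wallets|atomic\\Local Storage)(\\|$)", re.I)


@dataclass
class Event:
    kind: str       # reg_set | reg_query | file_write | file_read | proc_create
    image: str      # process performing the action
    target: str     # registry value path, file path, or new process image
    data: str = ""  # registry data for reg_set (assumed schema)


def analyse(events) -> dict:
    """Map the trace onto the report's signature names.
    Returns {signature: [event indexes]}; 'Executes dropped EXE' is
    stateful: a process start whose image was written earlier in the trace."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased .exe paths written during the trace
    for i, ev in enumerate(events):
        t = ev.target
        if ev.kind == "reg_set" and DEFENDER_RTP.search(t) and ev.data.strip() == "1":
            hits["Modifies Windows Defender Real-time Protection settings"].append(i)
        elif ev.kind == "reg_set" and RUN_KEY.search(t):
            hits["Adds Run key to start application"].append(i)
        elif ev.kind == "reg_query" and UNINSTALL_KEY.search(t):
            hits["Checks installed software on the system"].append(i)
        elif ev.kind == "file_write" and t.lower().endswith(".exe"):
            dropped.add(t.lower())
        elif ev.kind == "proc_create" and t.lower() in dropped:
            hits["Executes dropped EXE"].append(i)
        elif ev.kind == "file_read" and BROWSER_DATA.search(t):
            hits["Reads user/profile data of web browsers"].append(i)
        elif ev.kind == "file_read" and WALLET_DATA.search(t):
            hits["Accesses cryptocurrency files/wallets, possible credential harvesting"].append(i)
    return dict(hits)


# Constructed trace (not from the sandbox run); S = the sample, D = its drop.
S = r"C:\Users\victim\Desktop\sample.exe"
D = r"C:\Users\victim\AppData\Local\Temp\svc.exe"
SAMPLE_EVENTS = [
    Event("reg_set", S, r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring", "1"),
    Event("reg_set", S, r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring", "1"),
    Event("reg_query", S, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event("file_write", S, D),
    Event("proc_create", S, D),
    Event("reg_set", D, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc", D),
    Event("file_read", D, r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file_read", D, r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"),
    Event("file_read", D, r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    Event("reg_set", D, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "1"),  # benign
    Event("proc_create", D, r"C:\Windows\System32\cmd.exe"),  # not a dropped file
]

if __name__ == "__main__":
    for sig, idx in analyse(SAMPLE_EVENTS).items():
        print(f"{sig}: events {idx}")
```

Run the module directly to see which constructed events trip which signature; the last two events are deliberate negatives (a harmless Explorer setting and a start of a system binary) and produce no hit. To apply the checks to a real trace, feed `analyse` events built from your own telemetry in the same five-kind schema.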

MITRE ATT&CK Enterprise v6

Tasks