General

  • Target

    9d2fefcdbe540c4952eb7305f6153ba626df226097e35e81a2e55499b232e190

  • Size

    563KB

  • Sample

    230423-zf45aafg56

  • MD5

    e192428e945e512c3b2c7cc9adca93f5

  • SHA1

    bb1e6e8f3e81873a5debd6a1c0a20a8cc7535b07

  • SHA256

    9d2fefcdbe540c4952eb7305f6153ba626df226097e35e81a2e55499b232e190

  • SHA512

    27dd30ae1a20bb05dc9e230c20ca794aed0acb61eac2325ae023ed64fc8f7b0c159026e84f65e06295e2b91ffa755b45a3b2aa7d572b3b22a08cbe0fcfecd12b

  • SSDEEP

    12288:4y901ADrEqWDtfyDsTDI9d4hRH2S2CeiQKYg3DqyfPPZ:4yYADArVygTDI3gR2pIQKthPh

Malware Config

Targets

    • Target

      9d2fefcdbe540c4952eb7305f6153ba626df226097e35e81a2e55499b232e190

    • Size

      563KB

    • MD5

      e192428e945e512c3b2c7cc9adca93f5

    • SHA1

      bb1e6e8f3e81873a5debd6a1c0a20a8cc7535b07

    • SHA256

      9d2fefcdbe540c4952eb7305f6153ba626df226097e35e81a2e55499b232e190

    • SHA512

      27dd30ae1a20bb05dc9e230c20ca794aed0acb61eac2325ae023ed64fc8f7b0c159026e84f65e06295e2b91ffa755b45a3b2aa7d572b3b22a08cbe0fcfecd12b

    • SSDEEP

      12288:4y901ADrEqWDtfyDsTDI9d4hRH2S2CeiQKYg3DqyfPPZ:4yYADArVygTDI3gR2pIQKthPh

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks