General

  • Target

    2aa12df8152079df69ce993e78508c12bd80d2d72408f808c51ce5f98c0b5adb

  • Size

    1.2MB

  • Sample

    230423-zfgc8afg49

  • MD5

    14374b00b3c3897f4e9e66017c58c14b

  • SHA1

    27e2ad45987be0f84314f27d5f749798d2c3f688

  • SHA256

    2aa12df8152079df69ce993e78508c12bd80d2d72408f808c51ce5f98c0b5adb

  • SHA512

    766550bf0d024f045b0f9d7eaacbb61e0c234a59c3901fe4d659927645b3294ada10288b35cbd44fa8eb3446085d10da1c5f899779351fd5a6ccb5a1920b2f8a

  • SSDEEP

    24576:i8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:3KoyI1EQVazy0RIk4vkoFHe

Targets

    • Target

      2aa12df8152079df69ce993e78508c12bd80d2d72408f808c51ce5f98c0b5adb

    • Size

      1.2MB

    • MD5

      14374b00b3c3897f4e9e66017c58c14b

    • SHA1

      27e2ad45987be0f84314f27d5f749798d2c3f688

    • SHA256

      2aa12df8152079df69ce993e78508c12bd80d2d72408f808c51ce5f98c0b5adb

    • SHA512

      766550bf0d024f045b0f9d7eaacbb61e0c234a59c3901fe4d659927645b3294ada10288b35cbd44fa8eb3446085d10da1c5f899779351fd5a6ccb5a1920b2f8a

    • SSDEEP

      24576:i8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:3KoyI1EQVazy0RIk4vkoFHe

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before continuing execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
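The behaviours listed above are sandbox signature names; the report itself does not show the registry keys or file paths that triggered them. As an added example (not part of this report, and not the sandbox's own detection code), the script below applies equivalent rules to a constructed Procmon-style CSV export so the same behaviours can be recognised in a manual run. The registry and file paths in the rules are assumptions about where this activity typically appears on a Windows host, the log lines are constructed, and the process name sample.exe and its PID are invented. It also adds a simple weighting, since a Geo\Nation lookup or an Uninstall enumeration on its own is common in benign software and only becomes interesting alongside a persistence or tamper action.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed Procmon-style CSV export: illustrative input only, not events
# recovered from the sandbox run described in the report.
SAMPLE_LOG = r"""Process Name,PID,Operation,Path,Result
sample.exe,4120,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
sample.exe,4120,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
sample.exe,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip,SUCCESS
sample.exe,4120,RegSetValue,HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring,SUCCESS
sample.exe,4120,RegSetValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS
sample.exe,4120,CreateFile,C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data,SUCCESS
sample.exe,4120,CreateFile,C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco,NAME NOT FOUND
explorer.exe,1234,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
sample.exe,4120,RegQueryValue,HKCU\Software\Classes\.txt,SUCCESS
"""

# (behaviour name as used in the report, Procmon operations, path pattern).
# The paths are assumed typical locations, not artefacts from this sample.
RULES = [
    ("Checks computer location settings",
     {"RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system",
     {"RegOpenKey", "RegEnumKey", "RegQueryValue"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Adds Run key to start application",
     {"RegSetValue"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)),
    ("Modifies Windows Defender Real-time Protection settings",
     {"RegSetValue"},
     re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)),
    ("Reads user/profile data of web browsers",
     {"CreateFile"},
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)),
    ("Accesses cryptocurrency files/wallets",
     {"CreateFile"},
     re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin)\\", re.I)),
]

# Signals that benign software also produces; they count for less on their own.
WEAK = {"Checks computer location settings", "Checks installed software on the system"}


def triage(log_text):
    """Map each process to {behaviour: [matching paths]}.

    A failed access (e.g. NAME NOT FOUND on a wallet file) is still recorded:
    the attempt is the signal, regardless of whether the file existed.
    """
    hits = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(log_text)):
        for name, ops, pattern in RULES:
            if row["Operation"] in ops and pattern.search(row["Path"]):
                hits[row["Process Name"]][name].append(row["Path"])
    return {proc: dict(behaviours) for proc, behaviours in hits.items()}


def score(behaviours):
    """Weight weak reconnaissance signals at 1 and tamper/theft signals at 2."""
    return sum(1 if name in WEAK else 2 for name in behaviours)


if __name__ == "__main__":
    for proc, behaviours in triage(SAMPLE_LOG).items():
        print(f"{proc}: score={score(behaviours)}")
        for name, paths in behaviours.items():
            print(f"  {name}: {len(paths)} event(s)")
```

With the constructed log, sample.exe trips all six rules while explorer.exe only trips the geolocation lookup, which the weighting leaves well below anything worth escalating; the threshold itself is a tuning choice for the environment.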
