General

  • Target

    4340f5965c01d93d348548725f2baf56a63ff9cecf95018b146d58ecb14a187d

  • Size

    703KB

  • Sample

    230423-zfk2eahd5s

  • MD5

    e3c7105f2001eef23801c607d156b236

  • SHA1

    c823d356532ebe392669289fe4b9a69237214eb3

  • SHA256

    4340f5965c01d93d348548725f2baf56a63ff9cecf95018b146d58ecb14a187d

  • SHA512

    dd6a15951d2b282937ba57d67e9cc059d3f17d12c6f821d710cc585f62fb56b756b73235eb8fbe84280780000a3c064f2e0f18cfdfd197cf4c0c91918571d53a

  • SSDEEP

    12288:5y90IUFB61/QuEkG/YclFh/nmWBbXI7OyIHBx4KHEMWCVi0K+y4nmpK4:5yf/1o0Y7Fh7WOyIhOYEpv0K+app

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks