General

  • Target

    5725bbc540aeb2e45734eb7852f5cb44b1f6cb4e5dbd0f709d91b7c35fd1a0ba

  • Size

    563KB

  • Sample

    230423-zflb6shd5t

  • MD5

    1db42b0b2c369ae797bf915f4d0077e0

  • SHA1

    a3343a197704bac318cf3a29d774908c1643e24b

  • SHA256

    5725bbc540aeb2e45734eb7852f5cb44b1f6cb4e5dbd0f709d91b7c35fd1a0ba

  • SHA512

    4c1b26d98ea3886d6d3cd2e923daf013ddaae8b93d97b26d3f532ecb145a72900ddc8c989c903f65301caf1bc6709fcf4cc33219be3d6bedabe6f0aa9be10af7

  • SSDEEP

    12288:gy90xJ8oCWebwWczh8H2FdCeiGKeH43FGjy:gyoJ8uxtC2/IGKGw2y

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks