General

  • Target: 7291faf6e30edcd61009046b73c24d22bc3d4c45d79759a6c35cd47dbf193dcb
  • Size: 1.2MB
  • Sample: 230423-zfx1zafg54
  • MD5: 77cee536e583de02f13da88e76b37377
  • SHA1: 139aded8a1386dea4c809f68f3ca3c8fa7027152
  • SHA256: 7291faf6e30edcd61009046b73c24d22bc3d4c45d79759a6c35cd47dbf193dcb
  • SHA512: 99d068cc3668f64c5180b1cae6915d4c9a9c143129ae69755638375e26cb0ca8803d0efea82a4798f3d612b246bdfdc752b5d77bd601756fafe3001cc32d335f
  • SSDEEP: 24576:f8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:EKoyI1EQVazy0RIk4vkoFHe

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks