General

  • Target

    3854162c5de039ed784453ba5e21cfc9e62408ddc2e2740483a5374497d556bc

  • Size

    704KB

  • Sample

    230423-zfz6bsfg55

  • MD5

    c8f6d5d5b8ac2e2440f843ed79d14fdc

  • SHA1

    76da280672ca55c410c7291d91e82760046598f4

  • SHA256

    3854162c5de039ed784453ba5e21cfc9e62408ddc2e2740483a5374497d556bc

  • SHA512

    8bc60e2716056c2f433ac39a4eec18e06932c3e681a6a81d15800eddf2816371ccce99a8dba53065d13da9a301ff27ddaa49ccd01ed8e9520b024f0be74190ae

  • SSDEEP

    12288:Xy90nElqR+MLOiUj0pw3x/aox0D1NYuJHQAMWCYiXK6fFx7:XyUml8Uj0p6XxEYuwApKXK6fz

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks