General

  • Target

    32fcf8a38bb66383ba8523fc02e93de85c1da519a00b44086b450b24826ab924

  • Size

    1.2MB

  • Sample

    230423-zglpbsfg62

  • MD5

    3c6897acaec19cef9047fa62ef34b803

  • SHA1

    cc5bb5dc3ca9cfe42bb0c958df5a13f34b37e725

  • SHA256

    32fcf8a38bb66383ba8523fc02e93de85c1da519a00b44086b450b24826ab924

  • SHA512

    6dd04fdf0c8a08a8e0fd9e6f7fc5d1364ddcd9180909540dd9485a2572548ea63a4f0f4bdca2e510889b14604965bd75788e3b8d1a51e23162be34a80651feb8

  • SSDEEP

    24576:08FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:9KoyI1EQVazy0RIk4vkoFHe

Malware Config

Targets

    • Target

      32fcf8a38bb66383ba8523fc02e93de85c1da519a00b44086b450b24826ab924

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest data stored by web browsers, such as saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry's Uninstall keys to enumerate the software installed on the system, a common way for malware to fingerprint the host (for example, to spot security tools or analysis environments).
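
The following is an added PowerShell example, not part of the sandbox report and not code from the sample, for a responder checking a Windows host against the behaviours listed above: it compares a suspect file's hashes against the report's MD5/SHA1/SHA256, lists Run-key autostart entries and flags ones launched from user-writable paths, reads the Defender real-time protection policy values and effective state, and performs the same Uninstall-key enumeration the "Checks installed software" signature describes. The file path in the usage lines is an assumption; the registry paths and cmdlets are standard Windows ones.

```powershell
# Added example (not from the report or the sample). Run in an elevated PowerShell
# on the host under investigation. $Path in Test-SampleMatch is an assumption.

$ReportHashes = @{
    MD5    = '3c6897acaec19cef9047fa62ef34b803'
    SHA1   = 'cc5bb5dc3ca9cfe42bb0c958df5a13f34b37e725'
    SHA256 = '32fcf8a38bb66383ba8523fc02e93de85c1da519a00b44086b450b24826ab924'
}

function Test-SampleMatch {
    param([Parameter(Mandatory)][string]$Path)
    # Report each algorithm separately so an MD5-only hit (collision-prone) is visible
    # next to the SHA256 result rather than hidden behind a single "match" flag.
    foreach ($alg in $ReportHashes.Keys) {
        $h = (Get-FileHash -Path $Path -Algorithm $alg).Hash.ToLower()
        [pscustomobject]@{ Algorithm = $alg; Match = ($h -eq $ReportHashes[$alg]); Observed = $h }
    }
}

function Get-RunKeyEntries {
    # Autostart locations the "Adds Run key to start application" behaviour writes to.
    $keys = @(
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            # Dropped executables are usually staged in user-writable directories.
            $userWritable = $p.Value -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\'
            [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value; UserWritablePath = $userWritable }
        }
    }
}

function Get-DefenderRealtimeTampering {
    # Policy values that turn real-time protection off; a value of 1 means disabled.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
    $names  = 'DisableRealtimeMonitoring','DisableBehaviorMonitoring',
              'DisableOnAccessProtection','DisableIOAVProtection'
    $out = @()
    if (Test-Path $policy) {
        $p = Get-ItemProperty -Path $policy
        foreach ($n in $names) {
            if ($null -ne $p.$n) {
                $out += [pscustomobject]@{ Source = 'Policy'; Setting = $n; Value = $p.$n }
            }
        }
    }
    # Effective state as Defender itself reports it, even when no policy keys exist.
    $pref = Get-MpPreference
    $out += [pscustomobject]@{ Source = 'Get-MpPreference'; Setting = 'DisableRealtimeMonitoring'; Value = $pref.DisableRealtimeMonitoring }
    $out
}

function Get-InstalledSoftwareFromUninstallKeys {
    # The enumeration behind the "Checks installed software" signature: each subkey
    # under Uninstall is one installed product, with DisplayName/Publisher values.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($r in $roots) {
        if (-not (Test-Path $r)) { continue }
        Get-ChildItem -Path $r | ForEach-Object {
            $v = Get-ItemProperty -Path $_.PSPath
            if ($v.DisplayName) {
                [pscustomobject]@{ Name = $v.DisplayName; Version = $v.DisplayVersion; Publisher = $v.Publisher; Key = $_.PSChildName }
            }
        }
    }
}

# Usage (the file path below is an assumption):
# Test-SampleMatch -Path 'C:\Users\Public\suspect.exe' | Format-Table
# Get-RunKeyEntries | Where-Object UserWritablePath | Format-Table -AutoSize
# Get-DefenderRealtimeTampering | Format-Table
# Get-InstalledSoftwareFromUninstallKeys | Sort-Object Name | Format-Table -AutoSize
```

Get-FileHash returns uppercase hex, so the comparison lowercases it first; SSDEEP is not computed because Windows has no built-in fuzzy-hash cmdlet. A Run-key entry is only flagged as suspicious by its path, so review unflagged entries too when the dropped EXE was written elsewhere.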

MITRE ATT&CK Enterprise v6

Tasks