General

  • Target

    a0abeca56ad9e60a433dea67e9ce79af3e2db93c864b8f3fe6bfdaf56cea3e60

  • Size

    563KB

  • Sample

    230423-zh7m7afg68

  • MD5

    3cc8ebf8583a8a5e0c00b6c97d9afcc7

  • SHA1

    d3ecd271b8e0c671609efc84c3b532efbe796cf2

  • SHA256

    a0abeca56ad9e60a433dea67e9ce79af3e2db93c864b8f3fe6bfdaf56cea3e60

  • SHA512

    3be13394bdfada4865e238076fa0ffb46a2f04771857c869fedf5ace6dce86fb0cdc63582d5664cc0c19c9664613ff30f280b164a5e1ead65dc3a90a8d2b9f37

  • SSDEEP

    12288:hy90dmsipCX7zfujDfFHQJJhdH2CECei1KyY68rSJPg:hylG7CfFHkbd2ZI1KyN8rIg

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks