General

  • Target

    da76976bd199e939c9c305f12740447688614455a075ae05538ed379a45210f2

  • Size

    1.2MB

  • Sample

    230423-zh861shd6s

  • MD5

    161a76c3bc448303dea6541d4c011990

  • SHA1

    56b5e558e3091dba11891b140280fb655d827217

  • SHA256

    da76976bd199e939c9c305f12740447688614455a075ae05538ed379a45210f2

  • SHA512

    306f69fd0f74e23dd88f42b5d7743b7d2136a2f933adb3cb399f4fd1a1cdadc8602ad02d9e2b27009cc0f58a145e58d77afd7576a6faa888af9c80dea3936b63

  • SSDEEP

    24576:c8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:VKoyI1EQVazy0RIk4vkoFHe

Malware Config

Targets

    • Target

      da76976bd199e939c9c305f12740447688614455a075ae05538ed379a45210f2

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
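The signatures above are behavioural: each one fires on a registry or file access to a well-known location. The following Python script is an added example, not part of this sandbox report or its tooling, that maps Sysmon-style registry and file events onto those signature names. The registry paths are the standard Windows locations (the Defender Real-Time Protection policy key, the CurrentVersion\Run and Uninstall keys, and Control Panel\International\Geo\Nation for the country code); the event records themselves are constructed for the example and are not taken from this report.

```python
"""Map constructed registry/file events onto the sandbox behaviour signatures.

Added example, not part of the sandbox report. Registry paths are the
well-known Windows locations; SAMPLE_EVENTS is constructed test data.
"""
import re
from collections import defaultdict

# Each rule: (signature name as the report lists it, event type, path pattern).
RULES = [
    ("Modifies Windows Defender Real-time Protection settings", "registry_set",
     re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable", re.I)),
    ("Adds Run key to start application", "registry_set",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Checks computer location settings", "registry_query",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", "registry_query",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    ("Reads user/profile data of web browsers", "file_read",
     re.compile(r"\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
                r"|\\Profiles\\.*\\(logins\.json|key4\.db)$", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", "file_read",
     re.compile(r"\\(wallet\.dat|Exodus\\exodus\.wallet|Electrum\\wallets)", re.I)),
]

# Constructed sample events: (pid, event type, target path). Not from the report.
SAMPLE_EVENTS = [
    (4120, "registry_query", r"HKCU\Control Panel\International\Geo\Nation"),
    (4120, "registry_set",
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"),
    (4120, "registry_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, "registry_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    (4120, "registry_set", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"),
    (5212, "file_read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (5212, "file_read", r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (5212, "file_read", r"C:\Users\victim\Documents\notes.txt"),  # benign, must not match
    (6001, "registry_query",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"),  # benign
]


def classify(events):
    """Return {pid: {signature_name: [matching paths]}} for every matching event."""
    hits = defaultdict(lambda: defaultdict(list))
    for pid, kind, path in events:
        for name, rule_kind, pattern in RULES:
            # Event type must match as well as the path: a query of the Run key
            # is enumeration, not persistence, so it does not trigger the Run rule.
            if kind == rule_kind and pattern.search(path):
                hits[pid][name].append(path)
    return {pid: dict(sigs) for pid, sigs in hits.items()}


def summarize(events):
    """Sorted list of distinct signature names triggered across all processes."""
    names = set()
    for sigs in classify(events).values():
        names.update(sigs)
    return sorted(names)


if __name__ == "__main__":
    for pid, sigs in classify(SAMPLE_EVENTS).items():
        print(f"pid {pid}:")
        for name, paths in sigs.items():
            print(f"  [{name}] x{len(paths)}")
            for p in paths:
                print(f"      {p}")
```

Keying on event type as well as path matters in practice: a process reading the Uninstall key is enumerating software, while a process writing under Run is persisting, and the two should not be conflated just because both touch CurrentVersion.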

MITRE ATT&CK Enterprise v6

Tasks