General

  • Target

    3265a81e34ba895b3bfaac116155b3cf4df42fae633e34c64e9038ffcebbd5e6

  • Size

    703KB

  • Sample

    230423-zh94bahd6t

  • MD5

    9a29f4406e809af1e009c27b49be4e4b

  • SHA1

    979169946eccd316e3f4ad038fe0cacb562816b5

  • SHA256

    3265a81e34ba895b3bfaac116155b3cf4df42fae633e34c64e9038ffcebbd5e6

  • SHA512

    6e781cf1a41d79526bfc4d978a9b67cbff577ca3ba6f9d9b03ed61826751d3dbe7997d3c2039b2bb131759a72618ccc76f2af4980478bf5be5d588fa494cd691

  • SSDEEP

    12288:Zy901gffNXu+7krNpbG6lozWgTh8M2+SzJNeYp+I0sOBq40MWCai7KMHC:ZyffNuZrnbG6zgTGMJQJNl+IvGX0ps7U

Malware Config

Targets

    • Target

      3265a81e34ba895b3bfaac116155b3cf4df42fae633e34c64e9038ffcebbd5e6


    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node counterpart and the HKCU equivalent) to enumerate the software installed on the system.
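The Run-key persistence and Defender real-time protection tampering listed above are both registry writes, so they are the two behaviours an analyst would most want to turn into a host detection. The following is an added example written for this page, not code from the sandbox or from the sample: a small rule set run over constructed Sysmon-style Event ID 13 (RegistryEvent: SetValue) records. The records are illustrative and are not values observed from this sample; the registry paths the rules match are the standard Run/RunOnce and Windows Defender Real-Time Protection locations; the ATT&CK technique IDs are this example's own mapping in current numbering, since the report lists no techniques.

```python
"""Added example: detection rules over Sysmon-style registry SetValue events.

Not part of the sandbox report. The records below are constructed to look
like Sysmon Event ID 13 fields and are NOT values observed from the sample.
ATT&CK IDs are this example's own mapping (current numbering).
"""
import re
from dataclasses import dataclass

# Constructed Sysmon-style records (illustrative, not from the sample).
SAMPLE_EVENTS = [
    {   # autorun value pointing at a binary dropped in %TEMP%
        "EventID": 13,
        "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
        "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
    },
    {   # Defender real-time monitoring switched off via the policy key
        "EventID": 13,
        "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
        "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
        "Details": "DWORD (0x00000001)",
    },
    {   # same value set back to 0: re-enables protection, must not fire
        "EventID": 13,
        "Image": r"C:\Windows\System32\svchost.exe",
        "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
        "Details": "DWORD (0x00000000)",
    },
    {   # unrelated registry write, must not fire
        "EventID": 13,
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000002)",
    },
]

# Standard autorun locations (HKLM/HKU, native and Wow6432Node views).
RUN_KEY = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)
# Defender Real-Time Protection Disable* values, policy or product key.
DEFENDER_RTP = re.compile(
    r"\\(?:Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\(Disable\w+)$",
    re.IGNORECASE,
)
USER_WRITABLE = re.compile(r"\\(?:AppData\\Local\\Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")


@dataclass(frozen=True)
class Finding:
    rule: str       # behaviour name as the report phrases it
    technique: str  # ATT&CK technique ID (this example's mapping)
    image: str
    target: str
    note: str


def dword_value(details: str):
    """Parse Sysmon's 'DWORD (0x00000001)' Details format; None if not a DWORD."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def classify(event: dict) -> list:
    """Return the findings a single Sysmon SetValue event triggers."""
    if event.get("EventID") != 13:
        return []
    image = event.get("Image", "")
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    findings = []

    if RUN_KEY.search(target):
        note = ("autorun value points into a user-writable directory"
                if USER_WRITABLE.search(details) else "autorun value added")
        findings.append(Finding("Adds Run key to start application",
                                "T1547.001", image, target, note))

    m = DEFENDER_RTP.search(target)
    if m:
        value = dword_value(details)
        # A Disable* value of 0 restores protection; only a non-zero (or
        # non-DWORD, hence unexpected) write counts as tampering.
        if value is None or value != 0:
            findings.append(Finding("Modifies Windows Defender Real-time Protection settings",
                                    "T1562.001", image, target,
                                    f"{m.group(1)} set to {details}"))
    return findings


def scan(events) -> list:
    """Run classify() over an event stream and collect every finding."""
    return [f for e in events for f in classify(e)]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.rule}: {f.image} -> {f.target} ({f.note})")
```

The zero-value check matters in practice: the same Disable* value is written by administrators and by Defender itself when protection is turned back on, so alerting on every write to that path produces noise. Matching the autorun target against user-writable paths ties the Run-key finding to the "Executes dropped EXE" behaviour without needing a second event source.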

MITRE ATT&CK Enterprise v6

Tasks