General

  • Target: 7c85bd4e37043c70521ad7177957c24244eee3ccf32aa42fe0a91e13b1b098a8
  • Size: 1.2MB
  • Sample: 230423-zhrlzafg64
  • MD5: 0e437f04e6f2550a4379c06be9500733
  • SHA1: fccc78c3a3ec3b215aff9b6b25a80eac850a9baa
  • SHA256: 7c85bd4e37043c70521ad7177957c24244eee3ccf32aa42fe0a91e13b1b098a8
  • SHA512: 572d0e676d955f53092b29d4b9e62c9baf269f15a6adde5caf9b469d89c1158e7a5ee8aa553df19b28cf8c93363e6abdbf00d0b4ca35d18ba2dde1f43f2638c8
  • SSDEEP: 24576:T8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:IKoyI1EQVazy0RIk4vkoFHe

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
