General

  • Target

    6e8e50cc1282193c4a00635761ea8534b1d8d8867285681a7222e79f7d62c95a

  • Size

    704KB

  • Sample

    230423-zhs5ssfg65

  • MD5

    3533f2a19ea06eddc884e90ec3ac7d66

  • SHA1

    d9975007d177617e18df2db238b6e88e5c282e4f

  • SHA256

    6e8e50cc1282193c4a00635761ea8534b1d8d8867285681a7222e79f7d62c95a

  • SHA512

    91c4555b4baacda20ace423e7e8aacb5cc0c228f38a19eaab02b8c509c45d0f6eda6fe298b56a20137cda773158d71cbf2e3809836251957c71b9155329db75f

  • SSDEEP

    12288:ry90oannPY3ucbbG3TK0Th8mtC1A3dLU6cD7dzG1ccRMWCOixKiKQO6i9V6e:ryEngnG3+0T6mtCadkD7ZWZRpcxKiC6o

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
