General

  • Target: c38d2f958315235062edf92438a312af9bb0bc9cebca7af6648a58446fe53165
  • Size: 1.2MB
  • Sample: 230423-zjyrnshd6w
  • MD5: 19626d8003a1ed5efe0c082cd4c6f787
  • SHA1: 572c0f567c177905bcbc72b9e052aa7da5b8415c
  • SHA256: c38d2f958315235062edf92438a312af9bb0bc9cebca7af6648a58446fe53165
  • SHA512: 87d0d02217c6e886041ca0fcc3f7380b8f98d7dcf279ef922d35819b8eb1e689f5e2af97c2e7fe94d18e96cfdf78eb48f741e85d9bf3eab67686ba42608adb21
  • SSDEEP: 24576:S8FAGzhOxi/8+hxyHwVrKZzyykcgwIk4vkoFNxeAs:HKoyI1EQVazy0RIk4vkoFHe

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
