General

  • Target

    47dc19948a09cf8f005222cfb396c84d62b8c305c35b360637e43ea4bd0bb2c2

  • Size

    564KB

  • Sample

    230424-aacemsac3s

  • MD5

    a495cbada1400e850b0bd3318fbed365

  • SHA1

    72afc03d85011faa4d40ae99f88c13208b04d329

  • SHA256

    47dc19948a09cf8f005222cfb396c84d62b8c305c35b360637e43ea4bd0bb2c2

  • SHA512

    c2a402adf030bdb0930859350535196f8371ce2f830ad7230e47c31cc6cda3da7701b869795c715f4a36b97c89b99a8736cccf6087ca867387d39bd00f6c9143

  • SSDEEP

    12288:Oy90HW4+cxsOQhArCO6HB8NIDcz/034GnME4l9qmkP:OyGWJfAuO6h8yIM34ST4l9qmkP

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks