General

  • Target

    5c3e137f431823b42d7e0b3e60b0d9f55030a7e01f3b3fe9462d2a232c50eda0

  • Size

    704KB

  • Sample

    230424-aapd7sgf72

  • MD5

    9cb3ad6bbc8eb19e435ef9ca367fd32f

  • SHA1

    fd9345460c1773b1c7112ac001a4b11d1131b762

  • SHA256

    5c3e137f431823b42d7e0b3e60b0d9f55030a7e01f3b3fe9462d2a232c50eda0

  • SHA512

    2b176bf53d505630ba6f02bf266ab233f5b0a2139b8fb6c7f8d32dc5c86a42d8ff7d20e571dac64159b14b1f09421a180bfc7f528785eaa6a32081fdeaa96c56

  • SSDEEP

    12288:Ay90aDnjt+otBh+sxT5xFcryecttI1WzCi7IzbMkh/KnIfb:AyVh35D3FcOHyeL7IH/UU

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
