General

  • Target

    e1c63171f25ccaa283f3fde24c47e7071217e7f076c70951eee5334c48e7640f

  • Size

    704KB

  • Sample

    230424-abcrssac3z

  • MD5

    a68b5c0645c7c3821d2fad6537379677

  • SHA1

    d0855d3e53c95154b099dc7af9c22fbc180aa0ab

  • SHA256

    e1c63171f25ccaa283f3fde24c47e7071217e7f076c70951eee5334c48e7640f

  • SHA512

    8ae473803c9e7772be3f0694aaf994975c8ae3305dec469115f7678b85e6454edb17a487f7050ccfffcb878ac9172379dd01ee8872f6885f5487e2c5857b2d7f

  • SSDEEP

    12288:/y905s6P45Af6dxG3enW5TR6mFGDDmBzit33aI1YzCLaIzhMqe/KFnsfi3BEEmd:/y47P4uvUmUDOS3TE2aINNgiST

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
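
The signatures above are behavioural: each one is fired by a registry or file API call pattern observed during execution. As an added example that is not part of this sandbox report, the Python below replays a small API trace and reports which of the report's signatures each call would trigger. The trace format (`api|path|value_name|data`), the sample lines, the registry paths and the browser/wallet file names are constructed assumptions chosen to illustrate the checks; none of them are extracted from the sample itself, and the rule set covers only the registry- and file-based signatures (the "Windows security modification" signature is treated as the broader bucket that the Defender rule falls into).

```python
"""Added example (not from the sandbox report): map a constructed registry/file
API trace onto the report's behaviour signatures.

Assumptions: the trace format api|path|value_name|data, the sample lines, and
the registry/file path patterns below are chosen for illustration only."""
import re
from collections import defaultdict

# Constructed trace, one API call per line (not captured from the sample).
SAMPLE_TRACE = r"""
RegSetValueExW|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection|DisableRealtimeMonitoring|1
RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinUpdate|C:\Users\user\AppData\Roaming\svc.exe
RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall||
RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall||
CreateFileW|C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data||
CreateFileW|C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco||
CreateFileW|C:\Users\user\Desktop\notes.txt||
RegSetValueExW|HKCU\Software\Vendor\App|Version|2
"""

# Each rule: (signature name from the report, APIs it applies to,
#             path pattern, predicate over (value_name, data)).
RULES = [
    # Writing DisableRealtimeMonitoring=1 (or a sibling Disable* value) under the
    # Real-Time Protection key switches Defender's real-time scanning off.
    ("Modifies Windows Defender Real-time Protection settings",
     {"RegSetValueExW"},
     re.compile(r"\\Microsoft\\Windows Defender\\Real-Time Protection$", re.I),
     lambda name, data: name.lower().startswith("disable") and data == "1"),
    # Any non-empty value under ...\CurrentVersion\Run or RunOnce is a persistence entry.
    ("Adds Run key to start application",
     {"RegSetValueExW"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I),
     lambda name, data: data != ""),
    # Opening or enumerating the Uninstall key lists installed software.
    ("Checks installed software on the system",
     {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
     lambda name, data: True),
    # Browser credential/cookie stores (assumed typical file names).
    ("Reads user/profile data of web browsers",
     {"CreateFileW"},
     re.compile(r"\\(Google\\Chrome|Mozilla\\Firefox|Microsoft\\Edge)\\.*"
                r"\\(Login Data|Cookies|Web Data|logins\.json|key[34]\.db)$", re.I),
     lambda name, data: True),
    # Common wallet locations (assumed typical names, not taken from the report).
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     {"CreateFileW"},
     re.compile(r"(\\wallet\.dat$|\\Exodus\\|\\Electrum\\|\\Ethereum\\keystore\\)", re.I),
     lambda name, data: True),
]


def parse_trace(text):
    """Split api|path|value_name|data lines into tuples; data may contain '|'."""
    records = []
    for line in text.strip().splitlines():
        api, path, name, data = line.split("|", 3)
        records.append((api, path, name, data))
    return records


def match_signatures(records):
    """Return {signature name: [trace lines that triggered it]}."""
    hits = defaultdict(list)
    for api, path, name, data in records:
        for sig, apis, path_re, ok in RULES:
            if api in apis and path_re.search(path) and ok(name, data):
                detail = f"{api} {path}" + (f" {name}={data}" if name else "")
                hits[sig].append(detail)
    return dict(hits)


if __name__ == "__main__":
    for sig, lines in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(f"[+] {sig}")
        for line in lines:
            print(f"      {line}")
```

The rules are deliberately narrow: the Defender rule fires only on a write that sets a `Disable*` value to 1, the Run-key rule only on a non-empty value under `Run`/`RunOnce`, and the benign `notes.txt` and `HKCU\Software\Vendor\App` lines match nothing. Real host or sandbox telemetry may not expose registry reads (Sysmon, for instance, records value sets but not key enumeration), so the "Checks installed software" rule is only usable against API-hooking traces.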
