General

  • Target

    caa48f56a51ae70c2db1fd29504a8c149c3f23c707733159f5c0bc028a2b94bf

  • Size

    704KB

  • Sample

    230424-abprcsgf77

  • MD5

    5a017389955a9a126325ae4a0043d5af

  • SHA1

    73df827b83efa3fc45ab3a05cde7eaa9db5b6bc4

  • SHA256

    caa48f56a51ae70c2db1fd29504a8c149c3f23c707733159f5c0bc028a2b94bf

  • SHA512

    d82ac2e62d64ce96490b875b43819787dd85224ea13d344c7f04ae4c10984ccac7fd342541c0979c176da07e9f112b4e46633902cc2420d13bc9b7628e6cbcc2

  • SSDEEP

    12288:jy90i15pRA+5SUA1O2ey6rRfVswCl3x02pI1XzCboIz8MyH/KFoIYNGj:jyTrZpdrRd9Cl3xADWoIYViaGj

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.