General

  • Target

    8fcca3914c08d89e0d970f617db210a09fc4bd4b5befbdaf1f2265e1f057e39a

  • Size

    563KB

  • Sample

    230424-abydhaac4s

  • MD5

    9311925715b9845e7f66dee031d739b9

  • SHA1

    42af6b42545d7c5c393ce274cafef120f1a01dfa

  • SHA256

    8fcca3914c08d89e0d970f617db210a09fc4bd4b5befbdaf1f2265e1f057e39a

  • SHA512

    802cb8d9007b8304139101822070ab333c639287e22ac999d879bd1990600697ec7113163bc1c372658775f22d672e669f0ec061a33058ec23bfa945f517c727

  • SSDEEP

    12288:my90c6Sb3Tq9CQZLW+6aIGOzY0hSjnMW/Nxi3Zp:myV6SG8Q4+B2fhSzNj6p

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
