General

  • Target

    333a38ed38121390b60539ec1b39fd19fa0049b7c388fba2e1ed8e928e59dacf

  • Size

    1.0MB

  • Sample

    230424-aefb4aac6w

  • MD5

    5ff05aa7cb804a2454b047cc19fdd138

  • SHA1

    b03a3baddbc5bb2fb8acd464cd167bd20d724933

  • SHA256

    333a38ed38121390b60539ec1b39fd19fa0049b7c388fba2e1ed8e928e59dacf

  • SHA512

    2fe8c0139c9dfc7a422e42aeeb335e241f06ed68f6051cbbeb52336fa552ecdbd7721e624ae5bde1adf14281a19571c5d86aff4b267c9f26b8232e62eb67d106

  • SSDEEP

    24576:UcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:kmZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks