General

  • Target

    012e0e1351e521258d5e35d57fc4476690fbef92f49ccd4a16785db2ad328f8a

  • Size

    1.0MB

  • Sample

    230424-aexalsac6x

  • MD5

    ec65dda49e6e43856338ff28bd8fe20a

  • SHA1

    27358b83421de4f5cae2f35219e021505264d16c

  • SHA256

    012e0e1351e521258d5e35d57fc4476690fbef92f49ccd4a16785db2ad328f8a

  • SHA512

    2d11a6a9e7c16eb8299af49778b3c33c26a00b01c02c1eed870ce29fe28022ea054697f195b511f9b128b061c812e6e12c561f70e032bc6eac9bbc634f40b696

  • SSDEEP

    24576:tcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:ZmZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6