General

  • Target

    e29aa4b1479b5e315c846156d6603698dc7496a30b88e10ecbb944f0b54a0ca9

  • Size

    563KB

  • Sample

    230424-af5clsac7z

  • MD5

    45ec37111563efcd9ddf6d188f5efc99

  • SHA1

    d8772b3e9bdc59da74c1e18118c9ea50fbc60242

  • SHA256

    e29aa4b1479b5e315c846156d6603698dc7496a30b88e10ecbb944f0b54a0ca9

  • SHA512

    aa884b9c64e48f377206bd4f8a2f76fbad2ef08bf3fa73e41dafe70a9ed5f143614165078ae45cc6694bd993175a2b53e459b8e2f5d64f0d30f47a5888be5175

  • SSDEEP

    12288:Jy90TW7cu1qOKOwkIFPzo0rl+nMi5dGTg:Jy08Jy7Prlq1DGTg

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials, cookies and other sensitive user data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
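The behaviours listed above each correspond to a small set of registry keys, Defender policy values and user-profile file paths. The following Python is an added example, not code from the sandbox, its signature engine or this sample: it runs constructed trace events (hand-written to resemble a sandbox's registry and file activity log, not taken from this sample's run) through checks modelled on the report's signature names. The event format (op/path/data) and the label strings are this example's assumptions; the registry keys, Windows Defender value names and browser/wallet file paths are the real Windows locations.

```python
"""Map sandbox trace events to the behaviour labels used in the report above.

Added example (not the sandbox's own logic). Event format and label strings are
assumptions; registry keys, Defender value names and file paths are real locations.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class TraceEvent:
    op: str         # "reg_set" (value written), "reg_query" (value read), "file_read"
    path: str       # registry value path or file path, as a sandbox would log it
    data: str = ""  # value data for reg_set, e.g. "DWORD (0x00000001)" or a command line


# Registry locations behind the report's signatures (any hive, case-insensitive).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DEFENDER_RTP = re.compile(
    r"\\Software\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\", re.I)
UNINSTALL_KEY = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Real-Time Protection values that switch a protection component off when set to 1.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableioavprotection", "disableonaccessprotection",
}
# Browser credential/cookie stores and wallet files an infostealer reads.
BROWSER_DATA = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\.*"
    r"\\(Login Data|Cookies|Web Data)$"
    r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I)
WALLET_DATA = re.compile(
    r"\\Electrum\\wallets\\|\\Exodus\\exodus\.wallet\\|\\Ethereum\\keystore\\|\\Bitcoin\\wallet\.dat$",
    re.I)


def dword_value(data: str):
    """Numeric value from 'DWORD (0x00000001)' or a bare integer; None if there is none."""
    m = re.search(r"0x([0-9a-fA-F]+)|\b(\d+)\b", data)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def classify(ev: TraceEvent) -> list:
    """Return every report-style label a single event matches (usually zero or one)."""
    labels = []
    if ev.op == "reg_set":
        if RUN_KEY.search(ev.path) and ev.data:
            labels.append("Adds Run key to start application")
        if DEFENDER_RTP.search(ev.path):
            value_name = ev.path.rsplit("\\", 1)[-1].lower()
            # Only a write of 1 disables protection; writing 0 re-enables it and is not flagged.
            if value_name in DEFENDER_RTP_VALUES and dword_value(ev.data) == 1:
                labels.append("Modifies Windows Defender Real-time Protection settings")
    elif ev.op == "reg_query" and UNINSTALL_KEY.search(ev.path):
        labels.append("Checks installed software on the system")
    elif ev.op == "file_read":
        if BROWSER_DATA.search(ev.path):
            labels.append("Reads user/profile data of web browsers")
        if WALLET_DATA.search(ev.path):
            labels.append("Accesses cryptocurrency files/wallets, possible credential harvesting")
    return labels


def summarize(events: Iterable[TraceEvent]) -> dict:
    """Count the events behind each label so a triage view can rank labels by evidence."""
    counts = Counter()
    for ev in events:
        counts.update(classify(ev))
    return dict(counts)


# Constructed trace, NOT from the sample above; includes benign noise and a re-enable write.
SAMPLE_TRACE = [
    TraceEvent("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
               r"C:\Users\user\AppData\Roaming\updater.exe"),
    TraceEvent("reg_set", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
               "DWORD (0x00000001)"),
    TraceEvent("reg_set", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
               "DWORD (0x00000000)"),  # protection turned back on: must not be flagged
    TraceEvent("reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName"),
    TraceEvent("reg_query", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayVersion"),
    TraceEvent("file_read", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    TraceEvent("file_read", r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json"),
    TraceEvent("file_read", r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"),
    TraceEvent("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
               "DWORD (0x00000002)"),  # benign Explorer preference
]

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE_TRACE).items()):
        print(f"{n:2d}  {label}")
```

The Defender check deliberately requires the Disable* value to be written as 1; a write of 0 is what a remediation script or Group Policy refresh does, and flagging it would make cleanup look like the malware. Similarly, Uninstall-key reads are only labelled on query events, since many installers legitimately write under that key.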
