General

  • Target

    4186cb9aa5b635b3e15ad7babeeb269f02863a09d2c0c676411438eb4ab5e300

  • Size

    1.0MB

  • Sample

    230424-aflv9sac7s

  • MD5

    560f92c90a48b55fe1f7b16c39ca1050

  • SHA1

    d49dd0094b8d63a5edd87f0b120e9a94bf854af2

  • SHA256

    4186cb9aa5b635b3e15ad7babeeb269f02863a09d2c0c676411438eb4ab5e300

  • SHA512

    1b5691665c6f62472deca41351883aa5a32655a53c59a21034bdc420b1655ad3d0b7d37b9ca0be1f69546b7a0a788569777ca0be411310ad57e157f758d66f66

  • SSDEEP

    24576:lcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:hmZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

Malware Config

Targets

    • Target

      4186cb9aa5b635b3e15ad7babeeb269f02863a09d2c0c676411438eb4ab5e300

    • Size

      1.0MB

    • MD5

      560f92c90a48b55fe1f7b16c39ca1050

    • SHA1

      d49dd0094b8d63a5edd87f0b120e9a94bf854af2

    • SHA256

      4186cb9aa5b635b3e15ad7babeeb269f02863a09d2c0c676411438eb4ab5e300

    • SHA512

      1b5691665c6f62472deca41351883aa5a32655a53c59a21034bdc420b1655ad3d0b7d37b9ca0be1f69546b7a0a788569777ca0be411310ad57e157f758d66f66

    • SSDEEP

      24576:lcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:hmZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks