General

  • Target: 20c5ea3f4d1d541b6808ff6f8f4a2e62fdda7785ffd58060e56bfc058d0598cb
  • Size: 563KB
  • Sample: 230424-aftk4sac7v
  • MD5: f387ff18a855d7f34a3db0d941cd664e
  • SHA1: 0a670f32df1475b9b143b407a2ed2a77833c0095
  • SHA256: 20c5ea3f4d1d541b6808ff6f8f4a2e62fdda7785ffd58060e56bfc058d0598cb
  • SHA512: 99ed93a37156c4c62acc3ebdff00a638d4d67b24d7d85b74c7562f0410a8c01c53938e20e193c83e9fc4d89f9dd2f4249c8ca668de7fab50c5db3ae3e86ac2ce
  • SSDEEP: 12288:fy90IlpGkRYNuvbqJbI8Vzv0tOziMnay/O9kTi:fyVUkHul9ctOmUj/BW

Malware Config

Targets

    • Target: 20c5ea3f4d1d541b6808ff6f8f4a2e62fdda7785ffd58060e56bfc058d0598cb
    • Size: 563KB
    • MD5: f387ff18a855d7f34a3db0d941cd664e
    • SHA1: 0a670f32df1475b9b143b407a2ed2a77833c0095
    • SHA256: 20c5ea3f4d1d541b6808ff6f8f4a2e62fdda7785ffd58060e56bfc058d0598cb
    • SHA512: 99ed93a37156c4c62acc3ebdff00a638d4d67b24d7d85b74c7562f0410a8c01c53938e20e193c83e9fc4d89f9dd2f4249c8ca668de7fab50c5db3ae3e86ac2ce
    • SSDEEP: 12288:fy90IlpGkRYNuvbqJbI8Vzv0tOziMnay/O9kTi:fyVUkHul9ctOmUj/BW

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks