General

  • Target

    2bf671359a1ee4ffa12007541175975a32581815d226f828c4ea7f942bbb14b3

  • Size

    1.0MB

  • Sample

    230424-ag7t5agg26

  • MD5

    8e563a15d5cfba622cd77f8f03532e78

  • SHA1

    ac01a44a3c8c1e932fbeada05261ef96fe4380d7

  • SHA256

    2bf671359a1ee4ffa12007541175975a32581815d226f828c4ea7f942bbb14b3

  • SHA512

    3ad09c1283d58bc8def52db618c35ca6f549b60f2ed7f587bffbf806b9f1115929071a18651e9530a66b266b3dea247819a4583da38d505e710c9037ec6768b2

  • SSDEEP

    24576:dcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:JmZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

Malware Config

Targets

    • Target

      2bf671359a1ee4ffa12007541175975a32581815d226f828c4ea7f942bbb14b3

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials and other sensitive account data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
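
The behaviours listed above correspond to host artifacts a defender can look for in endpoint telemetry. As an added example (not part of the sandbox report and not code from the sample), the Python below tags Sysmon-style events for the Run-key persistence, Windows Defender real-time-protection tampering and dropped-EXE execution listed above, and matches process-creation hashes against the report's own MD5/SHA1/SHA256 indicators. The event records, file paths and SID are constructed for illustration; the field names (EventID, TargetObject, Details, Image, Hashes) follow Sysmon's event schema for Event IDs 13 and 1.

```python
"""Added triage example: tag Sysmon-style events for the behaviours in the report.
Not from the sandbox report or the sample; event data below is constructed."""
import re

# Indicators copied from the report's General section above.
IOC_HASHES = {
    "MD5": "8e563a15d5cfba622cd77f8f03532e78",
    "SHA1": "ac01a44a3c8c1e932fbeada05261ef96fe4380d7",
    "SHA256": "2bf671359a1ee4ffa12007541175975a32581815d226f828c4ea7f942bbb14b3",
}

# Registry locations behind "Adds Run key to start application" and
# "Modifies Windows Defender Real-time Protection settings".
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableOnAccessProtection)$",
    re.I,
)


def parse_hashes(field):
    """Split a Sysmon 'Hashes' field ('MD5=..,SHA256=..') into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify_registry_set(target_object, details):
    """Tags for a Sysmon Event ID 13 (registry value set)."""
    tags = []
    if RUN_KEY_RE.search(target_object):
        tags.append("persistence:run_key")
    # Sysmon renders DWORD values as 'DWORD (0x00000001)'; 1 disables the feature.
    if DEFENDER_RTP_RE.search(target_object) and "0x00000001" in details:
        tags.append("defense_evasion:defender_rtp_disabled")
    return tags


def classify_process_create(image, hashes_field):
    """Tags for a Sysmon Event ID 1 (process creation)."""
    tags = []
    hashes = parse_hashes(hashes_field)
    if any(hashes.get(algo) == value for algo, value in IOC_HASHES.items()):
        tags.append("ioc:sample_hash_match")
    # Dropped executables typically run from user-writable locations.
    low = image.lower()
    if "\\appdata\\" in low or "\\temp\\" in low or "\\programdata\\" in low:
        tags.append("execution:binary_in_user_writable_path")
    return tags


def triage(events):
    """Return (event index, tags) for every event that produced at least one tag."""
    hits = []
    for i, ev in enumerate(events):
        if ev["EventID"] == 13:
            tags = classify_registry_set(ev["TargetObject"], ev.get("Details", ""))
        elif ev["EventID"] == 1:
            tags = classify_process_create(ev["Image"], ev.get("Hashes", ""))
        else:
            tags = []
        if tags:
            hits.append((i, tags))
    return hits


# Constructed Sysmon-style events (not from the report); paths and SID are invented.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Users\victim\AppData\Local\Temp\invoice.exe",
     "Hashes": "MD5=8E563A15D5CFBA622CD77F8F03532E78,"
               "SHA256=2BF671359A1EE4FFA12007541175975A32581815D226F828C4EA7F942BBB14B3"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13,  # benign Explorer setting: should produce no tags
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 1,  # benign process: no hash match, system path
     "Image": r"C:\Windows\System32\notepad.exe",
     "Hashes": "MD5=00000000000000000000000000000000,"
               "SHA256=0000000000000000000000000000000000000000000000000000000000000000"},
]

if __name__ == "__main__":
    for idx, tags in triage(SAMPLE_EVENTS):
        print(idx, tags)
```

The registry reads behind "Checks computer location settings" and "Checks installed software" are not covered here because Sysmon logs registry value writes, not reads; those require a different telemetry source such as an EDR registry-read sensor or sandbox API tracing.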

MITRE ATT&CK Enterprise v6

Tasks