General

  • Target: e6d4ea853b8873cb357ab326551dfa2f3f71b160c7d8869bc7349238215b47c7
  • Size: 563KB
  • Sample: 230424-agylfsac8s
  • MD5: ad28cd29ef70afab6b2805d1ac0d423b
  • SHA1: 77743cd87f424569b72831be6447ef3b7fef8df1
  • SHA256: e6d4ea853b8873cb357ab326551dfa2f3f71b160c7d8869bc7349238215b47c7
  • SHA512: 63eb9cff7336560d8ce0cf20d8c4d9de472b75e2eeb5a110cdc376456e186525abc0ba0027801388688a42090508676d62c89929b97b2fe182dfa81d4b93bc33
  • SSDEEP: 12288:Ty90LeVHHspELXv+cg3gI+hzr03jzvMZvOwtP5k9q7WP:TyaRS+v2JI3jj6vldCA7WP

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks