General

  • Target

    66b6b9718107b5a481bb70c32712b243b06b949939066504d2c938349acb0d08

  • Size

    564KB

  • Sample

    230424-ahyb3sgg32

  • MD5

    2dd94a75002b58c7f5045e49a4e2b749

  • SHA1

    427fa59027fc3b527f3d35cf991443e81bc1f063

  • SHA256

    66b6b9718107b5a481bb70c32712b243b06b949939066504d2c938349acb0d08

  • SHA512

    14a8736e41fce75e6f56c6c8edf7616d051eff168273454692da0cd29b701d1d356eb5db31ef3ab7633f6d61b84484586cce8a2a2ddaf19ce25242c16e474177

  • SSDEEP

    12288:ny90aNm1I4bbxKQ+O5Lh0I5Ozt0zthnMxDk/cLqGSTH:nymCSll35l12GztFWY/cLmH

Malware Config

Targets

    • Target

      66b6b9718107b5a481bb70c32712b243b06b949939066504d2c938349acb0d08

    • Size

      564KB

    • MD5

      2dd94a75002b58c7f5045e49a4e2b749

    • SHA1

      427fa59027fc3b527f3d35cf991443e81bc1f063

    • SHA256

      66b6b9718107b5a481bb70c32712b243b06b949939066504d2c938349acb0d08

    • SHA512

      14a8736e41fce75e6f56c6c8edf7616d051eff168273454692da0cd29b701d1d356eb5db31ef3ab7633f6d61b84484586cce8a2a2ddaf19ce25242c16e474177

    • SSDEEP

      12288:ny90aNm1I4bbxKQ+O5Lh0I5Ozt0zthnMxDk/cLqGSTH:nymCSll35l12GztFWY/cLmH

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates installed software by reading subkeys under the registry's CurrentVersion\Uninstall key, the same entries Windows shows in Add/Remove Programs.
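
The behaviours listed above are the sandbox's generic signature names; the report does not show the events that triggered them. As an added example that is not part of this report or of the sandbox vendor's code, the Python script below shows how such labels are typically derived from a process trace: it walks a constructed list of file and registry events (the event shape and all paths are assumptions, not the real sample's trace) and attaches a signature label when an event matches a rule. The registry keys, Defender value names and browser/wallet file names are the well-known locations such rules key on; "Executes dropped EXE" is modelled statefully, as a process start whose image was written earlier in the same trace.

```python
"""Map sandbox-style file/registry events to behaviour labels.

Added example, not from the sandbox report. SAMPLE_TRACE is constructed
to resemble a trace; it is not taken from the analysed sample.
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Event:
    op: str          # FileWrite, FileRead, CreateProcess, RegSetValue, RegEnumKey, RegQueryValue
    path: str        # file path, process image path, or registry key path
    name: str = ""   # registry value name (RegSetValue / RegQueryValue)
    data: str = ""   # registry value data (RegSetValue)


# Autostart: HKCU/HKLM ...\CurrentVersion\Run and RunOnce.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Defender real-time protection policy key and the DWORDs that switch features off.
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I)
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableScanOnRealtimeEnable", "DisableIOAVProtection",
}
# Installed-software inventory lives under ...\CurrentVersion\Uninstall.
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Chromium credential/cookie/autofill stores and Firefox login stores.
BROWSER_DATA = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
# A few well-known wallet locations (Bitcoin Core, Exodus, Electrum, geth keystore).
WALLET_FILES = re.compile(r"\\(wallet\.dat|Exodus|Electrum|Ethereum\\keystore)(\\|$)", re.I)


def classify_trace(events: List[Event]) -> List[str]:
    """Return distinct behaviour labels in order of first occurrence."""
    written = set()      # paths the traced process has written (candidate "dropped" files)
    labels: List[str] = []
    for ev in events:
        label = None
        key = ev.path.lower()
        if ev.op == "FileWrite":
            written.add(key)
        elif ev.op == "CreateProcess" and key in written:
            label = "Executes dropped EXE"
        elif ev.op == "RegSetValue" and RUN_KEY.search(ev.path):
            label = "Adds Run key to start application"
        elif (ev.op == "RegSetValue" and DEFENDER_RTP.search(ev.path)
              and ev.name in DEFENDER_DISABLE_VALUES and ev.data == "1"):
            label = "Modifies Windows Defender Real-time Protection settings"
        elif ev.op in ("RegEnumKey", "RegQueryValue") and UNINSTALL_KEY.search(ev.path):
            label = "Checks installed software on the system"
        elif ev.op == "FileRead" and BROWSER_DATA.search(ev.path):
            label = "Reads user/profile data of web browsers"
        elif ev.op == "FileRead" and WALLET_FILES.search(ev.path):
            label = "Accesses cryptocurrency files/wallets"
        if label and label not in labels:
            labels.append(label)
    return labels


# Constructed trace (assumed paths; not the real sample's behaviour).
SAMPLE_TRACE = [
    Event("FileWrite", r"C:\Users\user\AppData\Local\Temp\update.exe"),
    Event("CreateProcess", r"C:\Users\user\AppData\Local\Temp\update.exe"),
    Event("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
          "Updater", r"C:\Users\user\AppData\Local\Temp\update.exe"),
    Event("RegSetValue", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
          "DisableRealtimeMonitoring", "1"),
    Event("RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event("FileRead", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("FileRead", r"C:\Users\user\AppData\Roaming\Bitcoin\wallet.dat"),
    # Benign noise: OS version lookup and a system binary that was never dropped.
    Event("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName"),
    Event("CreateProcess", r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for label in classify_trace(SAMPLE_TRACE):
        print(label)
```

The rules are deliberately narrow (exact value names, `$`-anchored key paths) so that a read of the Uninstall key or a write under `Run` is reported once, and the two benign events at the end of the trace produce no label.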

MITRE ATT&CK Enterprise v6

Tasks