General

  • Target

    333ae65b710efb8448420395534eca931898a734ba9358967637c13761f68382

  • Size

    1.0MB

  • Sample

    230424-akg3wagg39

  • MD5

    9539094e03a1413578c1e26495cb6ea3

  • SHA1

    d9d3fd8529033d321bf4fcd1bef4d1416655e7fb

  • SHA256

    333ae65b710efb8448420395534eca931898a734ba9358967637c13761f68382

  • SHA512

    193ceaf16d4488f22a37c0617d946aea3c97cea29a1017fc6b8604afc0e0641f09134a3e5fc2133e2d757e1409c8c7450a558ad779e69d6845fdbebf529aeaa0

  • SSDEEP

    24576:lcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:hmZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

Malware Config

Targets

    • Target

      333ae65b710efb8448420395534eca931898a734ba9358967637c13761f68382

    • Size

      1.0MB

    • MD5

      9539094e03a1413578c1e26495cb6ea3

    • SHA1

      d9d3fd8529033d321bf4fcd1bef4d1416655e7fb

    • SHA256

      333ae65b710efb8448420395534eca931898a734ba9358967637c13761f68382

    • SHA512

      193ceaf16d4488f22a37c0617d946aea3c97cea29a1017fc6b8604afc0e0641f09134a3e5fc2133e2d757e1409c8c7450a558ad779e69d6845fdbebf529aeaa0

    • SSDEEP

      24576:lcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:hmZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
