General

  • Target

    32be64cff3e7f6fa5c848bd30881951441e1653a921f013a3b0b1a9a552f591e

  • Size

    564KB

  • Sample

    230424-al4y2aad2v

  • MD5

    136202ebfcdb9d6671a1f1989177c23e

  • SHA1

    64a1b1eb15f981ae6727150f07a73b6cf3f916d8

  • SHA256

    32be64cff3e7f6fa5c848bd30881951441e1653a921f013a3b0b1a9a552f591e

  • SHA512

    2391f3c145b4e481be9eb77a39597938687c1bb454ea427dea32b81233e3b42fcbd998e23f46b43881df819533b8a815fe190fef7206cd30140d062691a35c72

  • SSDEEP

    12288:My90a10YAtKKxA5MxfIgDzl02JzcM6ES7OcFc:Myh0YgO5M5ve2JA1Eb0c

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks