General

  • Target

    921b8cc9e74e4b3a277e3a58721cccbf0ac0aee36afff270f75e9b289518ea54

  • Size

    1.0MB

  • Sample

    230424-ambzmsad2x

  • MD5

    e8e44812f8c0266408c8ec6031a8af25

  • SHA1

    f01f7edf653bd76951ac3aaafdaa5645e5b233b8

  • SHA256

    921b8cc9e74e4b3a277e3a58721cccbf0ac0aee36afff270f75e9b289518ea54

  • SHA512

    61cbb5037dc8c37405d57e661d0d5247add49050e09fed20e600bd7acee48a0786f6e9bced8230c23f2ab7cbbbf02ab544fc5c658114fd04c9c058da32a8717c

  • SSDEEP

    24576:4cIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:ImZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

Malware Config

Targets

    • Target

      921b8cc9e74e4b3a277e3a58721cccbf0ac0aee36afff270f75e9b289518ea54

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks