General

  • Target

    328257b353f3566fdfc4c66909ae8a74b857caede663ff9bb65b5c19cb7259b3

  • Size

    1.2MB

  • Sample

    230424-yascvseb32

  • MD5

    dacf33cd7a23832603dd83e701bb2eb5

  • SHA1

    c822f08c8a8ee37656fbc2b5fc0c0f51538ade68

  • SHA256

    328257b353f3566fdfc4c66909ae8a74b857caede663ff9bb65b5c19cb7259b3

  • SHA512

    30ce3823e3ef8ed661bc44c9aff5e66725bba3ef75dd4279d00b582eabf462f0b56db44ea567b3516062ed440a0372c8b79af9db2b21e8165d610a966ca75c5b

  • SSDEEP

    24576:cc9RstFRHwzmMZlFXCTYaOo2QduHmp8tagFhXskm:ccQrSmdcpOdp/gX

Malware Config

Targets

    • Target

      328257b353f3566fdfc4c66909ae8a74b857caede663ff9bb65b5c19cb7259b3

    • Size

      1.2MB

    • MD5

      dacf33cd7a23832603dd83e701bb2eb5

    • SHA1

      c822f08c8a8ee37656fbc2b5fc0c0f51538ade68

    • SHA256

      328257b353f3566fdfc4c66909ae8a74b857caede663ff9bb65b5c19cb7259b3

    • SHA512

      30ce3823e3ef8ed661bc44c9aff5e66725bba3ef75dd4279d00b582eabf462f0b56db44ea567b3516062ed440a0372c8b79af9db2b21e8165d610a966ca75c5b

    • SSDEEP

      24576:cc9RstFRHwzmMZlFXCTYaOo2QduHmp8tagFhXskm:ccQrSmdcpOdp/gX

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks