General

  • Target

    6aca803276c458358b028af62db5813baa04c695af20b317fc74ac65a504794f

  • Size

    1.0MB

  • Sample

    230425-k326wahe87

  • MD5

    db5a3d59a2de0f530df361d607c2053c

  • SHA1

    fe00a924f8699dcc4430d941898e25d75420b485

  • SHA256

    6aca803276c458358b028af62db5813baa04c695af20b317fc74ac65a504794f

  • SHA512

    5b32f8dcfb7b82713ee0a3e089afb27cb5d256c8282ba5269ac9c6e3f394bb4e546811067216249079978502c7a639693f02298489446954f13293bdd5af33b2

  • SSDEEP

    24576:E6i4P+bsiYh3ZkjvWm61BhJhzHGHkKPKRSlBrr39hLFtTdbBSAAqS:Cyh3CrfkBxzmHk6QS33HvFBS

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6