General

  • Target

    ef51b2de2900d5538757fb8d81857be0f928671c1a44ae729309d8cabcf12278

  • Size

    694KB

  • Sample

    230426-dandpage3t

  • MD5

    791fdc7f623993f87843b34132b6614c

  • SHA1

    83b4759d1f57df37c0c1a46577669142e1a90716

  • SHA256

    ef51b2de2900d5538757fb8d81857be0f928671c1a44ae729309d8cabcf12278

  • SHA512

    fc93f5d4ed10593a3b2e4a359842262a72dd90ea4aa440a0743330f457140f9f1067266183de9ba844f15d1b82cd78f3e71bf0dae17aafe2ff58e258df455e6a

  • SSDEEP

    12288:ly90SAKZCpM8JunHhsFORwDd3n2XQeXHg/Wt6F618bhKRA+VxZrn2:lyuMhUORwJ3n6QVS6F618bhKPD2

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
