General

  • Target: 285dd4a90419f041fd06721fa01e04ee24619115520973959a41580f92345bc2
  • Size: 1.1MB
  • Sample: 230426-wx88sach7x
  • MD5: 5108d1aa9f94b5e8511554f066c8abf9
  • SHA1: 538eb5a1a13aa143176af5bb9e2b3b0c326a5ade
  • SHA256: 285dd4a90419f041fd06721fa01e04ee24619115520973959a41580f92345bc2
  • SHA512: 84db650daed460ee4ddfe4b19c5440e412c1fe9fba8897481d1506ebaee0244d68a658659861fc1b7a67401de6b984cbed712cdbe5a509edc044852ed334fba6
  • SSDEEP: 24576:5yWaWc/2fRCDtPLxexwgdRS7El4q02yzNaeQl:sWNc/eAD99EwgdRBl4/DxaeQ

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks