General

  • Target: 5c5f08e4c9eb98319cb6e6987952b461d53ba39c8c5f65e71e1ad158a73d3cfa
  • Size: 709KB
  • Sample: 230504-mz4awabg79
  • MD5: f7dd21d911a69d374ed61cf4dfa05543
  • SHA1: 2bb841a26eae0743cdb7f422d03b0dc687139c43
  • SHA256: 5c5f08e4c9eb98319cb6e6987952b461d53ba39c8c5f65e71e1ad158a73d3cfa
  • SHA512: c3028f6a2b60a300776ecb3576fa451acfc0ca88cfcb54f362f573d079ee65908f42c05d0c5b85e7158eedb88b46c93143fe5d8fe4bac9fc2b394f3efc8cc7f8
  • SSDEEP: 12288:PMrHy90VVCrP2n3TdxcGYX1QVshtTsClNA4GN9uuVttMFmIeA:MyMgPu3Tz6X1QXCl/AzEeA

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
