General
-
Target
01e561b62b1a7324e5f68fd682a93424ec74e6759a6cebab47a47b7ad24c6aa5
-
Size
748KB
-
Sample
210511-4qgx5ca3en
-
MD5
9749fd7c2472c9a5bc6209ad80a0ed05
-
SHA1
90a5764e0a1947774673c96e19f6ecbc4c9ba533
-
SHA256
01e561b62b1a7324e5f68fd682a93424ec74e6759a6cebab47a47b7ad24c6aa5
-
SHA512
13c96f9cecb00a3460f28eca227c1ad46251311b8c0b1a35af8ecb8e5132b11e66e00014a41132cc04ba92d58c347b07ef82ef8a5f7227454be1eba2e385fa35
Malware Config
Targets
-
-
Target
01e561b62b1a7324e5f68fd682a93424ec74e6759a6cebab47a47b7ad24c6aa5
-
Size
748KB
-
MD5
9749fd7c2472c9a5bc6209ad80a0ed05
-
SHA1
90a5764e0a1947774673c96e19f6ecbc4c9ba533
-
SHA256
01e561b62b1a7324e5f68fd682a93424ec74e6759a6cebab47a47b7ad24c6aa5
-
SHA512
13c96f9cecb00a3460f28eca227c1ad46251311b8c0b1a35af8ecb8e5132b11e66e00014a41132cc04ba92d58c347b07ef82ef8a5f7227454be1eba2e385fa35
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-