General
-
Target
f9a1f217b7c221179cd856c95448fbe4f3cb8101e5302f937704eb11bb6cde0a
-
Size
747KB
-
Sample
210511-hqw6ya9pye
-
MD5
381b4b11896e1b756327675084f325fd
-
SHA1
8f7b6098b168e822a18f0e274e9ddb9ac5a74a22
-
SHA256
f9a1f217b7c221179cd856c95448fbe4f3cb8101e5302f937704eb11bb6cde0a
-
SHA512
182de21ef4d7c5034d9159aaa8c0cde7f3cd2d05796ac54c5404be030db5856801146998d227151c70b9a22140b47715cb042bf2b6aeeef845d4b01eb2bb2b7a
Malware Config
Targets
-
-
Target
f9a1f217b7c221179cd856c95448fbe4f3cb8101e5302f937704eb11bb6cde0a
-
Size
747KB
-
MD5
381b4b11896e1b756327675084f325fd
-
SHA1
8f7b6098b168e822a18f0e274e9ddb9ac5a74a22
-
SHA256
f9a1f217b7c221179cd856c95448fbe4f3cb8101e5302f937704eb11bb6cde0a
-
SHA512
182de21ef4d7c5034d9159aaa8c0cde7f3cd2d05796ac54c5404be030db5856801146998d227151c70b9a22140b47715cb042bf2b6aeeef845d4b01eb2bb2b7a
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-