General
-
Target
a86eac5dd875908aa1cbc0fc06db1bf44b17af03c7d8d9ae4c09f2b384579eba
-
Size
751KB
-
Sample
210511-ldrykyk1jx
-
MD5
8ff4b79d9144c00b5ff28cda0e98b402
-
SHA1
89f1650f3f68011f6a3239c2f2960207567348ba
-
SHA256
a86eac5dd875908aa1cbc0fc06db1bf44b17af03c7d8d9ae4c09f2b384579eba
-
SHA512
c0d276ca2a8731b3182fae9d71ff08af7fb4832f9ba9444762c168f79bf31fb0667b8b9b20c9e248d32dda16ef1ef387ccf79111d6e8a83b373892bc2ff9fcbe
Malware Config
Targets
-
-
Target
a86eac5dd875908aa1cbc0fc06db1bf44b17af03c7d8d9ae4c09f2b384579eba
-
Size
751KB
-
MD5
8ff4b79d9144c00b5ff28cda0e98b402
-
SHA1
89f1650f3f68011f6a3239c2f2960207567348ba
-
SHA256
a86eac5dd875908aa1cbc0fc06db1bf44b17af03c7d8d9ae4c09f2b384579eba
-
SHA512
c0d276ca2a8731b3182fae9d71ff08af7fb4832f9ba9444762c168f79bf31fb0667b8b9b20c9e248d32dda16ef1ef387ccf79111d6e8a83b373892bc2ff9fcbe
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-