General
-
Target
f714e0b0362ddc0ff1fccc388f5011824439b433a8dca38e305a3da1f354a85a
-
Size
364KB
-
Sample
220307-18jvgsgdh8
-
MD5
b3891a07e539a8e51fffae792aea861e
-
SHA1
18a849e869017c98ec260e4ccf809f51b38a79da
-
SHA256
f714e0b0362ddc0ff1fccc388f5011824439b433a8dca38e305a3da1f354a85a
-
SHA512
c549290e32936cc9f0ee5bf35f602d4dbb15aad2eccda6a140e715f69ac63bd92d5e8d27ad32e97de66685300bdfdfa2d65a4134a2e6a75b91f34e98b16b30bf
Malware Config
Targets
-
-
Target
f714e0b0362ddc0ff1fccc388f5011824439b433a8dca38e305a3da1f354a85a
-
Size
364KB
-
MD5
b3891a07e539a8e51fffae792aea861e
-
SHA1
18a849e869017c98ec260e4ccf809f51b38a79da
-
SHA256
f714e0b0362ddc0ff1fccc388f5011824439b433a8dca38e305a3da1f354a85a
-
SHA512
c549290e32936cc9f0ee5bf35f602d4dbb15aad2eccda6a140e715f69ac63bd92d5e8d27ad32e97de66685300bdfdfa2d65a4134a2e6a75b91f34e98b16b30bf
Score8/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-