004a8cc310aff8ac66cdf102844ef37a728f54963eaaf083a82c3a18ae3021fa

Tags

Signatures

• Checks computer location settings

  Description

  Looks up country code configured in the registry, likely geofence.

  TTPs

  Query RegistrySystem Information Discovery

• Loads dropped DLL

• Reads user/profile data of web browsers

  Description

  Infostealers often target stored browser data, which can include saved credentials etc.

  Tags

  spywarestealer

  TTPs

  Data from Local SystemCredentials in Files

• Checks installed software on the system

  Description

  Looks up Uninstall key entries in the registry to enumerate software on the system.

  Tags

  discovery

  TTPs

  Query Registry

• Installs/modifies Browser Helper Object

  Description

  BHOs are DLL modules which act as plugins for Internet Explorer.

  Tags

  stealeradware

  TTPs

  Modify RegistryBrowser Extensions

• Drops file in System32 directory

Related Tasks