General
-
Target
42f23340a607533d7b8ba503fed6e4c17128060437964ab63d2e2303ef017a85
-
Size
309KB
-
Sample
220919-pj6r6sged6
-
MD5
05d8b28ef74d1c138df47be2594d8bec
-
SHA1
2fdc187da5ae3dded13e439ae458c8abfe4fc9a1
-
SHA256
42f23340a607533d7b8ba503fed6e4c17128060437964ab63d2e2303ef017a85
-
SHA512
07ee537d450c9bd4f57002381cb93a491a88058e3e3c133c26d2ad9c33d07b565b1493d72a17b01bfc6eafca5f2eb065b1177bab190a27a3c57ff425e944193f
-
SSDEEP
3072:3Ysgk+ruvdasTt9NHhayrHlbGAP1Qm02B545g4FuB3bBo6P6We0VyOjUoutZOfNv:ur/oSsR
Malware Config
Targets
-
-
Target
42f23340a607533d7b8ba503fed6e4c17128060437964ab63d2e2303ef017a85
-
Size
309KB
-
MD5
05d8b28ef74d1c138df47be2594d8bec
-
SHA1
2fdc187da5ae3dded13e439ae458c8abfe4fc9a1
-
SHA256
42f23340a607533d7b8ba503fed6e4c17128060437964ab63d2e2303ef017a85
-
SHA512
07ee537d450c9bd4f57002381cb93a491a88058e3e3c133c26d2ad9c33d07b565b1493d72a17b01bfc6eafca5f2eb065b1177bab190a27a3c57ff425e944193f
-
SSDEEP
3072:3Ysgk+ruvdasTt9NHhayrHlbGAP1Qm02B545g4FuB3bBo6P6We0VyOjUoutZOfNv:ur/oSsR
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-