Extracted

• • Target

    p9d2s.exe

  • Size

    279KB

  • MD5

    c8d1c103b214703e696023614b075c9d

  • SHA1

    06b5727434705f87a7cdfc7f5612630c4f3f06c2

  • SHA256

    f84038a5c35557bb57839423dcab27287ac5ab490fca503f496df61da5e2bc99

  • SHA512

    edcd3fb473a6316fec8568266f92b6c5ff0350ca401147669c5f92a0f0a28496ac371eb382fd8034e7e39ded2a61648fe222908a5c70d189675bee125dd0b10b

  • SSDEEP

    6144:Ekjaba2rnQPW2I4YCKMQ0iaOVCZgm0yAjn:E42rnQPW+60iaOVnmE

  Score

  7^/10

  discoveryspywarestealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2