General
-
Target
471c2b14a5b44d517bb0977e6feffab6d3469332e3dc305fee1a34611d04fec1
-
Size
381KB
-
Sample
221003-15twaahggj
-
MD5
3204d83eb5de7777c50b8090ee144607
-
SHA1
6e89bd2b03c23316524b34b6a1aa3fdc60270974
-
SHA256
471c2b14a5b44d517bb0977e6feffab6d3469332e3dc305fee1a34611d04fec1
-
SHA512
09e5b394f13a239e5c9acbd229b0803434332062810a415974b282d038d328272a26e0eb2380519984b81f221fd7186d104a8c23086bd34c64d3a71a4c3e5255
-
SSDEEP
1536:Hxi3G2T45ouP0/KcLJsenPR3iuEmhgz7YbBWo1keQ/nouy8:Ri2oBjseJS9o11Kout
Malware Config
Targets
-
-
Target
471c2b14a5b44d517bb0977e6feffab6d3469332e3dc305fee1a34611d04fec1
-
Size
381KB
-
MD5
3204d83eb5de7777c50b8090ee144607
-
SHA1
6e89bd2b03c23316524b34b6a1aa3fdc60270974
-
SHA256
471c2b14a5b44d517bb0977e6feffab6d3469332e3dc305fee1a34611d04fec1
-
SHA512
09e5b394f13a239e5c9acbd229b0803434332062810a415974b282d038d328272a26e0eb2380519984b81f221fd7186d104a8c23086bd34c64d3a71a4c3e5255
-
SSDEEP
1536:Hxi3G2T45ouP0/KcLJsenPR3iuEmhgz7YbBWo1keQ/nouy8:Ri2oBjseJS9o11Kout
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-