General
-
Target
aaf8b6e1b16e202a3e6f41ab58b176974f2526412d0c1f6dd6fc34a7e0295199
-
Size
444KB
-
Sample
221003-xdfmssbccq
-
MD5
69be442bc04cf47b994946b206ef3fc0
-
SHA1
04c115e907cf1643e554ebac9108b28fa6948585
-
SHA256
aaf8b6e1b16e202a3e6f41ab58b176974f2526412d0c1f6dd6fc34a7e0295199
-
SHA512
24cd6659ae5c5311bc30d199ba3c566db8d31daf01556fd30ffd0bf8faad8d7d653148ebc8fedc321efbf06fbf1d19f35c938a0ed8f7dc13d46650aee476f711
-
SSDEEP
6144:Ry3v47D28WZgwqii3V2SbS7DmGvFhb9cwdudaBL34fE6fHBZa9hiXkTLeZ:Ry3aD28yDqii3PGmGvrbAdaBLcZUHX+
Malware Config
Targets
-
-
Target
aaf8b6e1b16e202a3e6f41ab58b176974f2526412d0c1f6dd6fc34a7e0295199
-
Size
444KB
-
MD5
69be442bc04cf47b994946b206ef3fc0
-
SHA1
04c115e907cf1643e554ebac9108b28fa6948585
-
SHA256
aaf8b6e1b16e202a3e6f41ab58b176974f2526412d0c1f6dd6fc34a7e0295199
-
SHA512
24cd6659ae5c5311bc30d199ba3c566db8d31daf01556fd30ffd0bf8faad8d7d653148ebc8fedc321efbf06fbf1d19f35c938a0ed8f7dc13d46650aee476f711
-
SSDEEP
6144:Ry3v47D28WZgwqii3V2SbS7DmGvFhb9cwdudaBL34fE6fHBZa9hiXkTLeZ:Ry3aD28yDqii3PGmGvrbAdaBLcZUHX+
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-