General
-
Target
57a4675a8231450ac70c34e2c52133eb3efc7424879abe9726167fbd0941e610
-
Size
839KB
-
Sample
221011-ntg15acgbl
-
MD5
7d4581d7703b7933722c5fd137f81e10
-
SHA1
1b3b262e36e5387c51eb63979d0cf524d2c00323
-
SHA256
57a4675a8231450ac70c34e2c52133eb3efc7424879abe9726167fbd0941e610
-
SHA512
12e2986042b99707f1b846e8a4bdac4f7eb3aba3e6597694d39e50425e38eaa461f9c054ac21c79339dba6425649042918af3909bc6c8c75d25e3e5b56dee6be
-
SSDEEP
24576:qu1ovvVfgIputUYjbkw0RSkafKynT4ZbTO:PovvK+uOYjbTkafKynw6
Malware Config
Targets
-
-
Target
57a4675a8231450ac70c34e2c52133eb3efc7424879abe9726167fbd0941e610
-
Size
839KB
-
MD5
7d4581d7703b7933722c5fd137f81e10
-
SHA1
1b3b262e36e5387c51eb63979d0cf524d2c00323
-
SHA256
57a4675a8231450ac70c34e2c52133eb3efc7424879abe9726167fbd0941e610
-
SHA512
12e2986042b99707f1b846e8a4bdac4f7eb3aba3e6597694d39e50425e38eaa461f9c054ac21c79339dba6425649042918af3909bc6c8c75d25e3e5b56dee6be
-
SSDEEP
24576:qu1ovvVfgIputUYjbkw0RSkafKynT4ZbTO:PovvK+uOYjbTkafKynw6
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-