General
-
Target
f2c89c3511c54f9a8a399c3403ab3ac86f7ff415827cdfe2944e8cff221f8486
-
Size
840KB
-
Sample
221020-14k7raggf8
-
MD5
5f6d152f03bdbd19a14dfdfc48492db8
-
SHA1
cdae6bd9ce7e1793b5f0b02e394d006fa6a3f662
-
SHA256
f2c89c3511c54f9a8a399c3403ab3ac86f7ff415827cdfe2944e8cff221f8486
-
SHA512
3ec4215add8d8e345a4fead247b46c11e3c9c34438ff3bcb5b0a5418020b52da3eb84e7fc3a9ff2f8205f53cae59f1b67774a623639e6e87ca0d1548747ccf4b
-
SSDEEP
12288:VCpyvXFPTfnCvX66h/NYJ9nDW6FApNg3gZqdDUtOuBiMc/j6KRVrxn7Nl4+GtlrL:Qk9P7nCvX6MNYLIbgYJ3chra+GbrL
Malware Config
Targets
-
-
Target
f2c89c3511c54f9a8a399c3403ab3ac86f7ff415827cdfe2944e8cff221f8486
-
Size
840KB
-
MD5
5f6d152f03bdbd19a14dfdfc48492db8
-
SHA1
cdae6bd9ce7e1793b5f0b02e394d006fa6a3f662
-
SHA256
f2c89c3511c54f9a8a399c3403ab3ac86f7ff415827cdfe2944e8cff221f8486
-
SHA512
3ec4215add8d8e345a4fead247b46c11e3c9c34438ff3bcb5b0a5418020b52da3eb84e7fc3a9ff2f8205f53cae59f1b67774a623639e6e87ca0d1548747ccf4b
-
SSDEEP
12288:VCpyvXFPTfnCvX66h/NYJ9nDW6FApNg3gZqdDUtOuBiMc/j6KRVrxn7Nl4+GtlrL:Qk9P7nCvX6MNYLIbgYJ3chra+GbrL
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-