Extracted

• • Target

    ce7693688ab545f0bed2d6caad602e59f7fde5327196019a561c796b29885132

  • Size

    96KB

  • MD5

    4809009fe0216997581564d7e5c9a6e4

  • SHA1

    66760122fc8a7527db089eb5d288338dc4756a09

  • SHA256

    ce7693688ab545f0bed2d6caad602e59f7fde5327196019a561c796b29885132

  • SHA512

    a18f582731d4cf09eafd696a807abd287d7305a847596fe8e85fcc5bcf9fe1d6fe00b8fdcdf09a2f6ae86a313568d0f76bc2d725e226ca0eb6c545b233f545dd

  • SSDEEP

    1536:e4qhBTyE/0nehr7FTquJ3Ue6Qt2I1m/bHTJKqOh:83lxTbJ3UXQlOTJK5h

  Score

  10^/10

  persistencespywarestealer

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral1behavioral2