General
-
Target
2e7a23302265f20a13b074af45847f786dd1c30a6f03e1e2cd871884cc77415c
-
Size
111KB
-
Sample
221028-2n5f5aahdk
-
MD5
0131eed1e59994a824a11fe0e68dd5c7
-
SHA1
4c3a020186be2bdd48468447649b5e56b99c7dd3
-
SHA256
2e7a23302265f20a13b074af45847f786dd1c30a6f03e1e2cd871884cc77415c
-
SHA512
68fe69beb522059edbcb4662794009a87aca3da0b5a6ffc6765b7ac6d24f47b9b3a012ad148e217b2b223a4910af28da386ba08a7950c8b4a0b6bc473b40785d
-
SSDEEP
3072:SaIuLuxCI5Q2JPnL6gxEMd3h/bUgOBnlDg:JtIK2JPL6g5Rjpshg
Malware Config
Targets
-
-
Target
2e7a23302265f20a13b074af45847f786dd1c30a6f03e1e2cd871884cc77415c
-
Size
111KB
-
MD5
0131eed1e59994a824a11fe0e68dd5c7
-
SHA1
4c3a020186be2bdd48468447649b5e56b99c7dd3
-
SHA256
2e7a23302265f20a13b074af45847f786dd1c30a6f03e1e2cd871884cc77415c
-
SHA512
68fe69beb522059edbcb4662794009a87aca3da0b5a6ffc6765b7ac6d24f47b9b3a012ad148e217b2b223a4910af28da386ba08a7950c8b4a0b6bc473b40785d
-
SSDEEP
3072:SaIuLuxCI5Q2JPnL6gxEMd3h/bUgOBnlDg:JtIK2JPL6g5Rjpshg
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables taskbar notifications via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-