f0c67a734fbe76a1e91d97d4a3a0b97c507654ac45dddfbc3536619fe2aad06b

General

Target

f0c67a734fbe76a1e91d97d4a3a0b97c507654ac45dddfbc3536619fe2aad06b
Size

255KB
Sample

221030-bas8tsecc4
MD5

a3c020084256c9bcbac1c639a72a54c0
SHA1

5e268c9a2c084975126bb6688dadcad5c42755da
SHA256

f0c67a734fbe76a1e91d97d4a3a0b97c507654ac45dddfbc3536619fe2aad06b
SHA512

0a13f9297da45c54d29a50c41bf56c25b48c1e1657f04388251da137267f9af94d8d01e0722f36cb1d5385c6fa000ea6de79574f210a169fd342eec13cad3220
SSDEEP

3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJp:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIu

Score

10^/10

Malware Config

Targets

- Target
  
  f0c67a734fbe76a1e91d97d4a3a0b97c507654ac45dddfbc3536619fe2aad06b
- Size
  
  255KB
- MD5
  
  a3c020084256c9bcbac1c639a72a54c0
- SHA1
  
  5e268c9a2c084975126bb6688dadcad5c42755da
- SHA256
  
  f0c67a734fbe76a1e91d97d4a3a0b97c507654ac45dddfbc3536619fe2aad06b
- SHA512
  
  0a13f9297da45c54d29a50c41bf56c25b48c1e1657f04388251da137267f9af94d8d01e0722f36cb1d5385c6fa000ea6de79574f210a169fd342eec13cad3220
- SSDEEP
  
  3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJp:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIu
Score

10^/10

evasion persistence spyware stealer trojan upx
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2