General
-
Target
c810cf6e387cc3f66fd0c1b67264b729b1f3995ac3654364af652d084398fd98
-
Size
493KB
-
Sample
221030-ck5kaahben
-
MD5
92f95308b8391412431ff90e73b480e0
-
SHA1
199133998ce838f138a3fc628a35c42ae3503e51
-
SHA256
c810cf6e387cc3f66fd0c1b67264b729b1f3995ac3654364af652d084398fd98
-
SHA512
48a3079c31361d4080b90b33c4e95fe0eeefded7689a4610c27f0da79a2ab4730982b6157dc4eb80a3cd521ec95080c509512c3bf320f6b3de4543857fcb09e8
-
SSDEEP
12288:3uJ3pPSKKW4uAfK8s9rUfoTpacMb14sxk:3uCWbAy8s9gQTkcMb1M
Malware Config
Targets
-
-
Target
c810cf6e387cc3f66fd0c1b67264b729b1f3995ac3654364af652d084398fd98
-
Size
493KB
-
MD5
92f95308b8391412431ff90e73b480e0
-
SHA1
199133998ce838f138a3fc628a35c42ae3503e51
-
SHA256
c810cf6e387cc3f66fd0c1b67264b729b1f3995ac3654364af652d084398fd98
-
SHA512
48a3079c31361d4080b90b33c4e95fe0eeefded7689a4610c27f0da79a2ab4730982b6157dc4eb80a3cd521ec95080c509512c3bf320f6b3de4543857fcb09e8
-
SSDEEP
12288:3uJ3pPSKKW4uAfK8s9rUfoTpacMb14sxk:3uCWbAy8s9gQTkcMb1M
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-