General
-
Target
Adobe_Acrobat.zip
-
Size
239.9MB
-
Sample
221117-p1yg5aad8t
-
MD5
9fb35648a8b14d9b31118a1b268d35eb
-
SHA1
e51e0a7f4347b1acc2697bdbf7892d6cd623a661
-
SHA256
88e02def17fda0021d4dba5ea812772c542b0fa6ca8930bcf06c42375c00bd29
-
SHA512
9954a945b4defbfdd6fb2b22ae49a7f21af660f8dadece2c4a4c1c600fe6d2ca20f751bf32919b9ddf7745f2678c0ba49bcdfa8de075e79a69b4a6040cb2ceb5
-
SSDEEP
6291456:A/sB/gcoikWNxMn9hPQVup2q10A+j3oFwI7Jjx:A0B/gczS91QVup2q10A+rUwg5x
Malware Config
Targets
-
-
Target
Adobe Acrobat/setup.exe
-
Size
654.4MB
-
MD5
94032e57b7bd0b054e358ccafe314a5c
-
SHA1
8b693624f57e92da1ae0aff69cf010891710c0ec
-
SHA256
47332ce5b904b959aa814ddfde8662931fdfb5233422dc45053ad04cffc44fb4
-
SHA512
54e8ca05a317e53b7dfee8bd2ec89beb921017c0409c0b8d75cbf3cbea3a540d0e2781ee42a230ad52e92e1026d69e591c140606437ac4d096b13a578ceec242
-
SSDEEP
49152:sM9fgA9cT7dfGHESyneZnyT1M1kpRdjlEao5EBDtGQnlX8f/01A:bgpKEvTUEbG8l
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-