103f90b217ded80990f9967fe59fd0c09ec0f631f76e1476142248baf5c21a82

General

Target

103f90b217ded80990f9967fe59fd0c09ec0f631f76e1476142248baf5c21a82
Size

255KB
Sample

221123-zyhzrshb4y
MD5

98517f9c412d1e224b62ac7f779feda5
SHA1

3b2cfdc9ba2177b640894f73c0d2709ca0969508
SHA256

103f90b217ded80990f9967fe59fd0c09ec0f631f76e1476142248baf5c21a82
SHA512

9edb988ce7dfb8bf36f521bd437aa45f97e2077fcd053eb175080a90b3e2056e1a24cdeca468c2e25d2e57cbbfbc9e1fdde6510fc94c4998826c05732439ee82
SSDEEP

3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJa:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIJ

Score

10^/10

Malware Config

Targets

- Target
  
  103f90b217ded80990f9967fe59fd0c09ec0f631f76e1476142248baf5c21a82
- Size
  
  255KB
- MD5
  
  98517f9c412d1e224b62ac7f779feda5
- SHA1
  
  3b2cfdc9ba2177b640894f73c0d2709ca0969508
- SHA256
  
  103f90b217ded80990f9967fe59fd0c09ec0f631f76e1476142248baf5c21a82
- SHA512
  
  9edb988ce7dfb8bf36f521bd437aa45f97e2077fcd053eb175080a90b3e2056e1a24cdeca468c2e25d2e57cbbfbc9e1fdde6510fc94c4998826c05732439ee82
- SSDEEP
  
  3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJa:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIJ
Score

10^/10

evasion persistence spyware stealer trojan upx
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2