General
-
Target
a7af0b755c9a598c8e37f237dc024ca0e6879908ccf4cc7b749f78065452504e
-
Size
12.5MB
-
Sample
221124-ew441agf86
-
MD5
01069b81c9f161318890cc6471c5f03c
-
SHA1
c12e56ca5669d71d470800b2cad4fe5614c3e1e2
-
SHA256
a7af0b755c9a598c8e37f237dc024ca0e6879908ccf4cc7b749f78065452504e
-
SHA512
0cf5283db81d69ebb4e6ac57823e04351125170deaa9be9b0c45ee5e006f4f08e9a5db75e0667a7fa879d2e2c16380689d578bfd8f22239ae98be5ebdee5cb88
-
SSDEEP
393216:TfFnxnP45QFNNSHhJbqL0UZgSyFsanTSde1vrDPhr8:Ttn+5QFNN0JSKSyXnGE1nG
Malware Config
Targets
-
-
Target
a7af0b755c9a598c8e37f237dc024ca0e6879908ccf4cc7b749f78065452504e
-
Size
12.5MB
-
MD5
01069b81c9f161318890cc6471c5f03c
-
SHA1
c12e56ca5669d71d470800b2cad4fe5614c3e1e2
-
SHA256
a7af0b755c9a598c8e37f237dc024ca0e6879908ccf4cc7b749f78065452504e
-
SHA512
0cf5283db81d69ebb4e6ac57823e04351125170deaa9be9b0c45ee5e006f4f08e9a5db75e0667a7fa879d2e2c16380689d578bfd8f22239ae98be5ebdee5cb88
-
SSDEEP
393216:TfFnxnP45QFNNSHhJbqL0UZgSyFsanTSde1vrDPhr8:Ttn+5QFNN0JSKSyXnGE1nG
Score9/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-