a0b32148ad9ab08390a0853d7a7ed7e51a8a87939a0a47a3fa6fa8fcbe2df24c

General

Target

a0b32148ad9ab08390a0853d7a7ed7e51a8a87939a0a47a3fa6fa8fcbe2df24c
Size

255KB
Sample

221124-l33cbafd97
MD5

1901816b417287691c3f8abbaf92abc9
SHA1

4fa5b140f2a4e19144a694537fe14bd77b0b18b5
SHA256

a0b32148ad9ab08390a0853d7a7ed7e51a8a87939a0a47a3fa6fa8fcbe2df24c
SHA512

9a5088de33acf92c9109cb0f497d9a782613830c40406e169a1ddf3c7c18e296a953b6cc36d20208901e55ca4732cfa259ea15f02bd9398f17dea09f9e694f99
SSDEEP

3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJS:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIV

Score

10^/10

Malware Config

Targets

- Target
  
  a0b32148ad9ab08390a0853d7a7ed7e51a8a87939a0a47a3fa6fa8fcbe2df24c
- Size
  
  255KB
- MD5
  
  1901816b417287691c3f8abbaf92abc9
- SHA1
  
  4fa5b140f2a4e19144a694537fe14bd77b0b18b5
- SHA256
  
  a0b32148ad9ab08390a0853d7a7ed7e51a8a87939a0a47a3fa6fa8fcbe2df24c
- SHA512
  
  9a5088de33acf92c9109cb0f497d9a782613830c40406e169a1ddf3c7c18e296a953b6cc36d20208901e55ca4732cfa259ea15f02bd9398f17dea09f9e694f99
- SSDEEP
  
  3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJS:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIV
Score

10^/10

evasion persistence spyware stealer trojan upx
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2