General
-
Target
773a20b5f3670f579b7cc6b585612f08bb0a38de708c8ed2c7fc3f4ba50947bb
-
Size
719KB
-
Sample
221127-bp8basde4y
-
MD5
26f5d3798f5ac33460c20ced2ea56137
-
SHA1
b8c0827c71cab6b0e3c327f998756c032d75ac68
-
SHA256
773a20b5f3670f579b7cc6b585612f08bb0a38de708c8ed2c7fc3f4ba50947bb
-
SHA512
f2c1b8e26f488c388b50c13d4052295dda99d3778b64c28ba68d2e10d7cc6843fa01b6081d881889557ce99de969fb33ce8a29de1378015fb136731f0dd8805f
-
SSDEEP
1536:cd04boUzdIBsZUpUQSe1sjL/91IqmM4nouy8:cdJboUpEsueFssP11I5Mwout
Behavioral task
behavioral1
Sample
773a20b5f3670f579b7cc6b585612f08bb0a38de708c8ed2c7fc3f4ba50947bb.exe
Resource
win7-20220901-en
Malware Config
Targets
-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visibility of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-