General
-
Target
88812afd0432a4b86690d91eba4aa05cbb7e764cc512903ba92507ec6a3d6a1f
-
Size
1.1MB
-
Sample
221127-bqbnqaaa36
-
MD5
1459db879cfdf0a4fdda31a2adf341b3
-
SHA1
52f8fbf0f100acae7fff0be35d89439d7e6d0127
-
SHA256
88812afd0432a4b86690d91eba4aa05cbb7e764cc512903ba92507ec6a3d6a1f
-
SHA512
724d9f651b476d8bba5ac36bde16945bde90a875b4c79421816f9eb3345d38a178caac3d31dbf0213598c301d37f6be6d16f6636e22a3c0c1ed4374d4ee93d68
-
SSDEEP
1536:X2n2z/NfmeGrObqqvg5uJhy1haQ2R27sbXu7VUFm10IMSPzY2y76ldFkQZbe4fyQ:wKBmZGqqvgyhy1QRZaum1HBY2uKVDf
Malware Config
Targets
-
-
Target
88812afd0432a4b86690d91eba4aa05cbb7e764cc512903ba92507ec6a3d6a1f
-
Size
1.1MB
-
MD5
1459db879cfdf0a4fdda31a2adf341b3
-
SHA1
52f8fbf0f100acae7fff0be35d89439d7e6d0127
-
SHA256
88812afd0432a4b86690d91eba4aa05cbb7e764cc512903ba92507ec6a3d6a1f
-
SHA512
724d9f651b476d8bba5ac36bde16945bde90a875b4c79421816f9eb3345d38a178caac3d31dbf0213598c301d37f6be6d16f6636e22a3c0c1ed4374d4ee93d68
-
SSDEEP
1536:X2n2z/NfmeGrObqqvg5uJhy1haQ2R27sbXu7VUFm10IMSPzY2y76ldFkQZbe4fyQ:wKBmZGqqvgyhy1QRZaum1HBY2uKVDf
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables taskbar notifications via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-