General
-
Target
037bf2f69da15246646203c0a7bcbf602136b02f61601df3a5dd8ce1e8da65c0
-
Size
556KB
-
Sample
221127-jssc9abb56
-
MD5
55113c969cc06b001416248a5fa292e4
-
SHA1
9046e539b20407a00237f07eab571e21cc1896b8
-
SHA256
037bf2f69da15246646203c0a7bcbf602136b02f61601df3a5dd8ce1e8da65c0
-
SHA512
5252afc3886b09d55139de6d298230f4c2c45deddc8824373364947de510ce45cf6e37d0eb9802f3d5c5587a3a4e03730d780c1a0906f98854c77167ca981089
-
SSDEEP
12288:J7Lo8Rs90X41cnOOWB2KpyYK4BVqZDx2mpmHPW9GROsI8w:J7L1yMgcnOds44Fp2PWUDI8
Malware Config
Targets
-
-
Target
037bf2f69da15246646203c0a7bcbf602136b02f61601df3a5dd8ce1e8da65c0
-
Size
556KB
-
MD5
55113c969cc06b001416248a5fa292e4
-
SHA1
9046e539b20407a00237f07eab571e21cc1896b8
-
SHA256
037bf2f69da15246646203c0a7bcbf602136b02f61601df3a5dd8ce1e8da65c0
-
SHA512
5252afc3886b09d55139de6d298230f4c2c45deddc8824373364947de510ce45cf6e37d0eb9802f3d5c5587a3a4e03730d780c1a0906f98854c77167ca981089
-
SSDEEP
12288:J7Lo8Rs90X41cnOOWB2KpyYK4BVqZDx2mpmHPW9GROsI8w:J7L1yMgcnOds44Fp2PWUDI8
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-