5d7f07201565273a9f5f4db7c736a53244dcb0c5a57b5b60e80e002d3212ecf4

General

Target

5d7f07201565273a9f5f4db7c736a53244dcb0c5a57b5b60e80e002d3212ecf4
Size

479KB
Sample

221203-16xzbseb4z
MD5

13cc8500825e718f46b6b3cecd634480
SHA1

cb100a55b1c288c4b9fc9d81acdcffacf0834545
SHA256

5d7f07201565273a9f5f4db7c736a53244dcb0c5a57b5b60e80e002d3212ecf4
SHA512

b3b1382e1d0feed46eb9542d79c99c6d45bcfab4bf3c207ae55528b5bc8a25f5dba066bc498069a8ed838168442add56193280b663fb76d21d1b9747154877e2
SSDEEP

1536:Zt34WlngkYFKynXvAh1MFOMLwOueYdqXhVBZXcMik421dNSkWNVYM3O3:ZCQgk6Kyn/wMFOMLN9AQdjWzT+

Score

10^/10

Malware Config

Targets

- Target
  
  5d7f07201565273a9f5f4db7c736a53244dcb0c5a57b5b60e80e002d3212ecf4
- Size
  
  479KB
- MD5
  
  13cc8500825e718f46b6b3cecd634480
- SHA1
  
  cb100a55b1c288c4b9fc9d81acdcffacf0834545
- SHA256
  
  5d7f07201565273a9f5f4db7c736a53244dcb0c5a57b5b60e80e002d3212ecf4
- SHA512
  
  b3b1382e1d0feed46eb9542d79c99c6d45bcfab4bf3c207ae55528b5bc8a25f5dba066bc498069a8ed838168442add56193280b663fb76d21d1b9747154877e2
- SSDEEP
  
  1536:Zt34WlngkYFKynXvAh1MFOMLwOueYdqXhVBZXcMik421dNSkWNVYM3O3:ZCQgk6Kyn/wMFOMLN9AQdjWzT+
Score

10^/10

evasion persistence spyware stealer trojan upx
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2