General
-
Target
b9078c0d7f22c68e45f19bc5c9de1919f6a07f4cf85ccb8aa391d675e8e687f1
-
Size
3.0MB
-
Sample
221203-3x82cagf62
-
MD5
c2304d10fca46da64b7e4c91295f2d22
-
SHA1
92e66bacb7129f672d34b5f855b2a5b2721be2ee
-
SHA256
b9078c0d7f22c68e45f19bc5c9de1919f6a07f4cf85ccb8aa391d675e8e687f1
-
SHA512
f6db7a31fd6ab2fdeb5e1f4f99b945c749ae33f154da45f4f1cd1cf9705271374d10fffc46f88890b41e395560a5244843f443ff7fed279a732c4dd56a05e9e8
-
SSDEEP
49152:BdaaxdGvpwh7+UCSQTbHKlYtSFIZzg4ismy4keHFg5J7Daae3a6p+mTQYzcizg:/jxkBwha8Q/HKlYtQGvoA5J7DP3/YIb
Malware Config
Targets
-
-
Target
b9078c0d7f22c68e45f19bc5c9de1919f6a07f4cf85ccb8aa391d675e8e687f1
-
Size
3.0MB
-
MD5
c2304d10fca46da64b7e4c91295f2d22
-
SHA1
92e66bacb7129f672d34b5f855b2a5b2721be2ee
-
SHA256
b9078c0d7f22c68e45f19bc5c9de1919f6a07f4cf85ccb8aa391d675e8e687f1
-
SHA512
f6db7a31fd6ab2fdeb5e1f4f99b945c749ae33f154da45f4f1cd1cf9705271374d10fffc46f88890b41e395560a5244843f443ff7fed279a732c4dd56a05e9e8
-
SSDEEP
49152:BdaaxdGvpwh7+UCSQTbHKlYtSFIZzg4ismy4keHFg5J7Daae3a6p+mTQYzcizg:/jxkBwha8Q/HKlYtQGvoA5J7DP3/YIb
Score10/10-
Modifies firewall policy service
-
Drops file in Drivers directory
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-