General
-
Target
b55c26b1268bfc47d21e2dfffa617eceaa29fb525b6bf630cc6338db1ef7e89b
-
Size
124KB
-
Sample
221203-r6r9eaab36
-
MD5
d19b993abac2d7786f69904379c13ef7
-
SHA1
890889d6b5488258df893179b65fd739c573d5b2
-
SHA256
b55c26b1268bfc47d21e2dfffa617eceaa29fb525b6bf630cc6338db1ef7e89b
-
SHA512
56cb670f30f1ee4b8790597a7067c1c14f9455ff075c1dbcbb1a86763776637bd530772429ae357ec9bb76add1524a76369d5c7a028499609851d567e353d8c9
-
SSDEEP
1536:GCxE8JHTdoQkO6xvJXzT0YpMgbQoToPQTiwHz7pj5omc4JyBMA6okrAbMftGG/2S:GuxBoJOMXzAMrTuw8aMBeokr4ja2P8I
Malware Config
Targets
-
-
Target
b55c26b1268bfc47d21e2dfffa617eceaa29fb525b6bf630cc6338db1ef7e89b
-
Size
124KB
-
MD5
d19b993abac2d7786f69904379c13ef7
-
SHA1
890889d6b5488258df893179b65fd739c573d5b2
-
SHA256
b55c26b1268bfc47d21e2dfffa617eceaa29fb525b6bf630cc6338db1ef7e89b
-
SHA512
56cb670f30f1ee4b8790597a7067c1c14f9455ff075c1dbcbb1a86763776637bd530772429ae357ec9bb76add1524a76369d5c7a028499609851d567e353d8c9
-
SSDEEP
1536:GCxE8JHTdoQkO6xvJXzT0YpMgbQoToPQTiwHz7pj5omc4JyBMA6okrAbMftGG/2S:GuxBoJOMXzAMrTuw8aMBeokr4ja2P8I
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-