General
-
Target
6af63de4b9416803436d3da4eee02f46e03aeeea99052f652f99837442fdf0d1
-
Size
1.3MB
-
Sample
221205-wcla8abf26
-
MD5
9fe9bb67006647968587eacfbb2e1e3e
-
SHA1
20be04497ebf655a659a45351b389ff1a20fc449
-
SHA256
6af63de4b9416803436d3da4eee02f46e03aeeea99052f652f99837442fdf0d1
-
SHA512
9d49982357396acbc5892bb9e5188b7e4f4b1501f3466be78a5fbf7994afc74f356eb82df96f1f92a86cf9ddb5cdbdeb41ee7e319eccf0648ff1689bba6c447f
-
SSDEEP
24576:xjqAiVsGgwSxFtBWx9KKE0hyPKbDOw/yvqtygC1M8LKgez0r8w:x2Ai+GgXx30xgE4KbDXmqaM8bW0r8w
Malware Config
Targets
-
-
Target
6af63de4b9416803436d3da4eee02f46e03aeeea99052f652f99837442fdf0d1
-
Size
1.3MB
-
MD5
9fe9bb67006647968587eacfbb2e1e3e
-
SHA1
20be04497ebf655a659a45351b389ff1a20fc449
-
SHA256
6af63de4b9416803436d3da4eee02f46e03aeeea99052f652f99837442fdf0d1
-
SHA512
9d49982357396acbc5892bb9e5188b7e4f4b1501f3466be78a5fbf7994afc74f356eb82df96f1f92a86cf9ddb5cdbdeb41ee7e319eccf0648ff1689bba6c447f
-
SSDEEP
24576:xjqAiVsGgwSxFtBWx9KKE0hyPKbDOw/yvqtygC1M8LKgez0r8w:x2Ai+GgXx30xgE4KbDXmqaM8bW0r8w
Score10/10-
Modifies system executable filetype association
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Registers COM server for autorun
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-