General
-
Target
7d380425d00f842364237ae5e2141ed1a11f95857ee7835fefdd3b4d1b61789b
-
Size
826KB
-
Sample
221206-vp5pysag31
-
MD5
19e6603fc037cd1267556ac92056cb40
-
SHA1
6dd367c5427f304f86324584bcfdb32add14049e
-
SHA256
7d380425d00f842364237ae5e2141ed1a11f95857ee7835fefdd3b4d1b61789b
-
SHA512
db408f2efecf18a04580badf50ea58e92918b4eab622f1d0a7688672203e4008e9d51c7e2fdd293d09cd6c0e5c9cf5cbe72c6c27d5df6ac2c1e1f5e17c8b19b5
-
SSDEEP
1536:VT7kWlngkYFKynXvAh1MFOMLwOueYdqXhVBZXcMik421dNSkWNVYM3O3:VMQgk6Kyn/wMFOMLN9AQdjWzT+
Malware Config
Targets
-
-
Target
7d380425d00f842364237ae5e2141ed1a11f95857ee7835fefdd3b4d1b61789b
-
Size
826KB
-
MD5
19e6603fc037cd1267556ac92056cb40
-
SHA1
6dd367c5427f304f86324584bcfdb32add14049e
-
SHA256
7d380425d00f842364237ae5e2141ed1a11f95857ee7835fefdd3b4d1b61789b
-
SHA512
db408f2efecf18a04580badf50ea58e92918b4eab622f1d0a7688672203e4008e9d51c7e2fdd293d09cd6c0e5c9cf5cbe72c6c27d5df6ac2c1e1f5e17c8b19b5
-
SSDEEP
1536:VT7kWlngkYFKynXvAh1MFOMLwOueYdqXhVBZXcMik421dNSkWNVYM3O3:VMQgk6Kyn/wMFOMLN9AQdjWzT+
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-