General
Target: file.exe
Size: 7.2MB
Sample: 221223-k3wn4agc22
MD5: ff55f4067e93ffb346a752baf7b5ced3
SHA1: 1656902f49e626a01d9f7f41de1d983ccc21b376
SHA256: 0db6a5a7e7be62c8fd8b206bd889285aebafe58692bb718768449b06ae7ae1bc
SHA512: a4bd8090df176f0cc428e5c9198cbaa32c8775be26fd1cd45c181cbef9e58811b218dc21da7d9350fbae7ac2bdfdc75bd5dc30bc3d8b7d9433e4d30fc775517a
SSDEEP: 196608:91OI/5t5b5FeRP6Z28u8NEFTyPpxonTewNPljKt3qEKR7xf7:3OE9s8NiTUpCnDVKt3qEe7xD
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Malware Config
Targets
-
-
Target
file.exe
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-