General
-
Target
file.exe
-
Size
7.3MB
-
Sample
230103-hvyglsaf63
-
MD5
5b17a340fbcc133a2a32e5001b4fbf56
-
SHA1
8604d1d2b6ddbd78a923cd820f4a03b3ea88d22a
-
SHA256
053059d0d054ec71bb83d8775a0c5d699d571342ae6527e2e293ad8cd4809a57
-
SHA512
8534900f774241431850e7abbdc2d6defd4654abf4cbacb4618075e21f0e796d8583c3bef8a2dc694dca1093ba5544da127b7201a7e5f09620484a6e53bf6a6f
-
SSDEEP
196608:91OflGEcR3zNcNCJZzi2v0GUUi3BvzvahwyfP+P1+:3OfErRRQS9sRTRvAtfmP1+
Malware Config
Targets
-
-
Target
file.exe
-
Size
7.3MB
-
MD5
5b17a340fbcc133a2a32e5001b4fbf56
-
SHA1
8604d1d2b6ddbd78a923cd820f4a03b3ea88d22a
-
SHA256
053059d0d054ec71bb83d8775a0c5d699d571342ae6527e2e293ad8cd4809a57
-
SHA512
8534900f774241431850e7abbdc2d6defd4654abf4cbacb4618075e21f0e796d8583c3bef8a2dc694dca1093ba5544da127b7201a7e5f09620484a6e53bf6a6f
-
SSDEEP
196608:91OflGEcR3zNcNCJZzi2v0GUUi3BvzvahwyfP+P1+:3OfErRRQS9sRTRvAtfmP1+
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Windows security bypass
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-