General
-
Target
e53f7af33d8d2fcb0b17f95e68fb87d804e9507cd7bf3761fd0d6110847137f9
-
Size
941KB
-
Sample
230202-c4qv8sed44
-
MD5
b3c5f884d334849afa4d1024e2bbf7de
-
SHA1
7634756d77797d1bffcda94c41a3a024dd056e50
-
SHA256
e53f7af33d8d2fcb0b17f95e68fb87d804e9507cd7bf3761fd0d6110847137f9
-
SHA512
6caa0c024964e186ead12d44de0d291efd931d39ced91dc62fbfd69bd60ad0d00b295498e44f845a9021003427a67b110f667fbcbeaf52dab936e13fc58fc088
-
SSDEEP
24576:fEx45zxI+PuzrsFW++jiel4HqK/Up4nt:rzxID3sFW++eesqEU2n
Malware Config
Targets
-
-
Target
e53f7af33d8d2fcb0b17f95e68fb87d804e9507cd7bf3761fd0d6110847137f9
-
Size
941KB
-
MD5
b3c5f884d334849afa4d1024e2bbf7de
-
SHA1
7634756d77797d1bffcda94c41a3a024dd056e50
-
SHA256
e53f7af33d8d2fcb0b17f95e68fb87d804e9507cd7bf3761fd0d6110847137f9
-
SHA512
6caa0c024964e186ead12d44de0d291efd931d39ced91dc62fbfd69bd60ad0d00b295498e44f845a9021003427a67b110f667fbcbeaf52dab936e13fc58fc088
-
SSDEEP
24576:fEx45zxI+PuzrsFW++jiel4HqK/Up4nt:rzxID3sFW++eesqEU2n
Score10/10-
Modifies system executable filetype association
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Change Default File Association
1Hidden Files and Directories
4Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
9Hidden Files and Directories
4Bypass User Account Control
1Disabling Security Tools
1File Permissions Modification
1