General
-
Target
85dfb3535a10b2c1a5688de6cc3d8240.bin
-
Size
380KB
-
Sample
230321-b12ynagc55
-
MD5
c4977208603c2d2d8b2c703aed955960
-
SHA1
d6fe6c6ad54681d7110dccf4f15173f76bc73312
-
SHA256
ebb13c6320767291a2f1156acf6456b240d389ede54b53d9e148aa6b07a1152b
-
SHA512
20ff0f6fe74dd9f6c5314a53532795373b0ccb02344a19d0a70ee5cc975e8bcad147f76db766c84d41e13b291afaa29ead97d7f030f4c34b13519fb4e5119aa5
-
SSDEEP
6144:Ts5zqYw4Sb7+gKB99TOTpKOB9QSZf4jqYROMUKqqamunMBO4DndRe7Bbj+OB2KWr:QZqJRaCp7B9QEAjqYR9qqAME4juj+OM9
Malware Config
Targets
-
-
Target
2b1f51db0db5312003d88a9098344664f516cc3d6fee0fcc05dcb4de74521e88.exe
-
Size
386KB
-
MD5
85dfb3535a10b2c1a5688de6cc3d8240
-
SHA1
16b2f3641ef3e1e94a437b1cf6ad8999eec367e7
-
SHA256
2b1f51db0db5312003d88a9098344664f516cc3d6fee0fcc05dcb4de74521e88
-
SHA512
d8cd83c0fa0b40e00931a2e6ae50fc4b9c4d710b6bdb069397266b55313f3534f57401bcb1665f04177a778e618e9a0bf875c1e53934e2b08be6bee0c74cfa51
-
SSDEEP
12288:PX4fljUcdN3yWSxAQQouKSFglssknxP4My/SmfV:PEBb3QpjOF4X/Sm
Score8/10-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Drops file in System32 directory
-