Resubmissions
31-03-2023 18:49
230331-xgmkhsce75 7General
-
Target
KMS_Pico_Setup_Full_File.zip
-
Size
9.3MB
-
Sample
230331-xgmkhsce75
-
MD5
468f80bf850de90e2e7b34232e80020d
-
SHA1
cc6a4d4f3ba5c44bbad0ac4b0bc221eb3b0d5335
-
SHA256
a7248d1e579843c867e20538e5c557bd20d84b07612af7f1073363b3262c2f89
-
SHA512
a19f3ef4b2031cbef3c6c0e6696f8145aa56c383b63b0041b5510aeb3193962bcd22fe365b3a20799b7c420d0ddbed2e0c3669084617a70d974fe234ea070913
-
SSDEEP
196608:fvfVQrGP1j+vKqHhSYT5ZCQWZgaBcIpu9VecbMBdX5s3CmS9:PVQrGpqHcYzJ4HBc5Zkd5ICmM
Malware Config
Targets
-
-
Target
OPEN_SETUP_FILE_KMS_PICO_FULL.exe
-
Size
9.5MB
-
MD5
40637b33eac9f79cdeb8df7975d80c85
-
SHA1
fb167f4a7c9cfbf14df59accea1961160871c729
-
SHA256
ec6a3b8ca35b6fe0c19c0421fe19f29fc8899d9b25d242f13be26fb08d9e2afe
-
SHA512
e83359d020e2c691ac1df6161948fc3b92b5869e7c29c083c43543c4fc882ceabdde8d1e02ea4abbfd61f80038f6b5ca8a9e6410b8199daf94ec24a83823e14a
-
SSDEEP
196608:pxVQ9qHvHe98YVPEmzF/+Ek9amX46X8bViIJ+11R/c3CKS6:/VQ9qbYVMmt3C7X4NLOX/4CKl
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-