General
-
Target
RonaWindSetup.exe
-
Size
67.6MB
-
Sample
230402-2j33haba52
-
MD5
d68dc63c71466ab7473b8452773ee381
-
SHA1
e2b62184339c066f3958975e8d7e9c02f6185dec
-
SHA256
485c10e2cdfb12719af452698a0dfc4ccc77a5fa875fe9ded9458d50493b657d
-
SHA512
83ef1e09a2b5d859047ec92f275176a24b281febe34adf133066e9c508cb9b406fe0d50d04df0ee4dd146bd1ec28be1a3d3c931856ec641a1c290d08f018efb3
-
SSDEEP
1572864:/kn/bfPa1o9Yl/7JJ7Ko7bFZg6+Nk8YQMKRI+FMKNpBVPjIUyY/X:/KbK1o9YjJuyFZ9+mmRKK/bhVv
Static task
static1
Behavioral task
behavioral1
Sample
RonaWindSetup.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
RonaWindSetup.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-