General

Target: 4b1baf70f23a5a569baf66dcd2823815bf18c40bec35a8d912407ef9e36581d3
Size: 938KB
Sample: 230418-q1cq4abg28
MD5: b8d20bb5c388e35de5ccd659ff87a087
SHA1: a5f64ea11ffe45671b308520c58fb2ed2489e57a
SHA256: 4b1baf70f23a5a569baf66dcd2823815bf18c40bec35a8d912407ef9e36581d3
SHA512: c47898b3c6d7a36031d9837120d91e98c41f748d569830b039318cc1ff55e61efacd500f2a0765fe5085d5c1a9af18c7795509e9b91ed48248488e6d1b2ae73e
SSDEEP: 24576:AynLudA3nrA4UZoflaa+8ugVmF3CO7rYMl0KezME:HydA3rA/Zo0a+85mCH4

Static task: static1
Malware Config

Targets

Target: 4b1baf70f23a5a569baf66dcd2823815bf18c40bec35a8d912407ef9e36581d3
Size: 938KB
MD5: b8d20bb5c388e35de5ccd659ff87a087
SHA1: a5f64ea11ffe45671b308520c58fb2ed2489e57a
SHA256: 4b1baf70f23a5a569baf66dcd2823815bf18c40bec35a8d912407ef9e36581d3
SHA512: c47898b3c6d7a36031d9837120d91e98c41f748d569830b039318cc1ff55e61efacd500f2a0765fe5085d5c1a9af18c7795509e9b91ed48248488e6d1b2ae73e
SSDEEP: 24576:AynLudA3nrA4UZoflaa+8ugVmF3CO7rYMl0KezME:HydA3rA/Zo0a+85mCH4
Signatures

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.