General
Target: 90aa988d07e5f03f0db9874c91c9a586406b54bbb5e17f667aa70278cf8eb7d2
Size: 938KB
Sample: 230418-wq1casdb93
MD5: 31976b317f13fc8bb46d2d8099885ed6
SHA1: c8e481defbf1c2f95a12e2a67b99cf014cc126eb
SHA256: 90aa988d07e5f03f0db9874c91c9a586406b54bbb5e17f667aa70278cf8eb7d2
SHA512: 5bfe4b05c3e1bf588b7bc5c1158025bd10d3677dfe08c69fa89fa7926eda0a476c1622824e13ebb61db8b48b2526ffe659db44119f145511b8419c2e19ce9112
SSDEEP: 24576:+ysZbyAkIgrkQFv2Qvvvxr4dt9X4A6u259N71:NsZbyA/gYu2AKB4Ak9x
Static task
static1
Malware Config
Targets
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.