General
-
Target
3e838a575b35b44253d689a25e69350aee487c385d22d7035816cf3b21fcf1c0
-
Size
966KB
-
Sample
230419-2svsgsdg94
-
MD5
3850b9107552d7ce4777d29213ede393
-
SHA1
4297a7fcc0939ee3e121ecd6da222072e4431273
-
SHA256
3e838a575b35b44253d689a25e69350aee487c385d22d7035816cf3b21fcf1c0
-
SHA512
7238e6269d1b3333003ea576d030c31ecec738986ff9f60eecded67e0cf2c3540beed453074eacb91dcb1fcd871070299ac0274cefc5bdd774b22cbf43dc12b3
-
SSDEEP
24576:dyxEGTg619m3bzUTcLLr6/AaAbC7iaRfVAno:4WGxm3RLO/AaUkRfVA
Static task
static1
Malware Config
Targets
-
-
Target
3e838a575b35b44253d689a25e69350aee487c385d22d7035816cf3b21fcf1c0
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-