General
- Target: e6c8e776107631569e8de57fcb76ddfca55df37b52fc8dfdf733f7863da85fd7
- Size: 939KB
- Sample: 230419-br4qwshc3s
- MD5: 74d4b20c70c282fd3375a597b843fcfe
- SHA1: d1235c980c542961d229a255285b4d27f691b9f2
- SHA256: e6c8e776107631569e8de57fcb76ddfca55df37b52fc8dfdf733f7863da85fd7
- SHA512: 2894793f0912b0e0489a29bd0a5bdb8027baf3a64ae25ae8a5e9b2223c034f87156f9c4315c02739ad4dcba4fb750ec771fc635bef8dea6541a85dde379153c5
- SSDEEP: 24576:py/yw/sVaFxSWtc80cnSCTl2NgTOnTiM+6aOcqe+h:cN/sVaFxSycUSCTl2Ng4TiNKc6
Static task: static1
Malware Config
Targets
- Target: e6c8e776107631569e8de57fcb76ddfca55df37b52fc8dfdf733f7863da85fd7 (939KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check before running the payload.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: enumerates Uninstall key entries in the registry to list installed software.
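The labels above are the sandbox's behavioural signatures, not raw events. The Python below is an added example (not part of the sandbox report or its engine) showing how a detection pipeline could re-derive those six labels from an ordered endpoint event trace, including the statefulness needed for the "dropped EXE/DLL" rules, which only fire for files the sample itself wrote earlier in the trace. The event format, the registry keys behind each rule, the wallet paths and the trace itself are assumptions constructed for the example, not values taken from this report.

```python
"""Re-derive the report's behavioural signature labels from an endpoint
event trace. Added example; the event format, registry keys and wallet
paths are assumptions, not details taken from the sandbox report."""
import re

# Assumed registry locations behind each signature. The report names the
# behaviour ("Uninstall key", "country code in the registry"), not the key
# the sandbox actually matched on.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
# Assumed wallet artefacts that a "crypto wallet access" rule might key on.
WALLET_RE = re.compile(
    r"(\\wallet\.dat$|\\Exodus\\|\\Electrum\\wallets\\|\\Ethereum\\keystore\\)",
    re.I)

# Signature labels exactly as they appear in the report.
SIG_GEO = "Checks computer location settings"
SIG_DROP_EXE = "Executes dropped EXE"
SIG_DROP_DLL = "Loads dropped DLL"
SIG_WALLET = "Accesses cryptocurrency files/wallets, possible credential harvesting"
SIG_RUNKEY = "Adds Run key to start application"
SIG_UNINSTALL = "Checks installed software on the system"


def match_signatures(events):
    """Return the set of signature labels triggered by an ordered event list.

    Each event is a dict with "op" and "path". "path" is a file path for
    file_write / file_read / proc_create / image_load and a registry path
    for reg_query / reg_set. Order matters: a file only counts as "dropped"
    once the sample has written it, so an executable started before its
    write event does not trigger the dropped-EXE rule.
    """
    hits = set()
    dropped = set()  # lower-cased paths the sample has written so far
    for ev in events:
        op, path = ev["op"], ev["path"].lower()
        if op == "file_write":
            dropped.add(path)
        elif op == "file_read" and WALLET_RE.search(path):
            hits.add(SIG_WALLET)
        elif op == "proc_create" and path in dropped and path.endswith(".exe"):
            hits.add(SIG_DROP_EXE)
        elif op == "image_load" and path in dropped and path.endswith(".dll"):
            hits.add(SIG_DROP_DLL)
        elif op == "reg_set" and RUN_KEY_RE.search(path):
            hits.add(SIG_RUNKEY)
        elif op == "reg_query" and GEO_KEY_RE.search(path):
            hits.add(SIG_GEO)
        elif op == "reg_query" and UNINSTALL_KEY_RE.search(path):
            hits.add(SIG_UNINSTALL)
    return hits


# Constructed trace (not captured from the sample) exercising every rule
# plus two benign events that must not match.
SAMPLE_TRACE = [
    {"op": "reg_query", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "reg_query",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\sqlite3.dll"},
    {"op": "proc_create", "path": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"op": "image_load", "path": r"C:\Users\victim\AppData\Local\Temp\sqlite3.dll"},
    {"op": "file_read",
     "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"op": "reg_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"op": "image_load", "path": r"C:\Windows\System32\kernel32.dll"},
    {"op": "reg_query",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"},
]

if __name__ == "__main__":
    for label in sorted(match_signatures(SAMPLE_TRACE)):
        print(label)
```

Two design points worth noting when porting this to a real event source: the Run-key rule fires on a write (reg_set), not on a read of the same key, so ordinary software querying its own autostart entry does not trip it; and "dropped" is tracked per trace, so a process launch from a path the sample never wrote (the kernel32.dll load above) stays silent even though the path pattern looks suspicious on its own.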