General
-
Target
8f8ea83bc9158fd5cb09b360de9bfa51566b5fe0d67449ca3e98f88689901687
-
Size
1.1MB
-
Sample
230419-dppv3ahg3s
-
MD5
73df230095ef21ee8de620d87a692a57
-
SHA1
a7cb0e86b7734a84c58b395b4f98d68a400e654a
-
SHA256
8f8ea83bc9158fd5cb09b360de9bfa51566b5fe0d67449ca3e98f88689901687
-
SHA512
42c252c737618aacbb1ad2a7b498f96c8a4c4e4565174bf353c1eb945c7e0ef70c9ddcb45097be27618e4f9e95cc316db9f11eaffcbaffecf6afacd0e7003b0e
-
SSDEEP
24576:dy64jW9Mbb/hRcjFmOadUtp40KWsXFOgaH2rddF/h7HlTRHxc:4ZW96sZnwMK1OgkOdF5R1H
Static task
static1
Malware Config
Targets
-
-
Target
8f8ea83bc9158fd5cb09b360de9bfa51566b5fe0d67449ca3e98f88689901687
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-