General
-
Target
aae9fa928093560213af1c22f26f53d5e7472d14eed1afcee274056ae8a77e36
-
Size
966KB
-
Sample
230419-n6k9baac85
-
MD5
810fed74a17103bf335e0b27378cdc22
-
SHA1
1b54c1cd0e160fcbd24ba6a37120aa36b82b827a
-
SHA256
aae9fa928093560213af1c22f26f53d5e7472d14eed1afcee274056ae8a77e36
-
SHA512
f1c508a8d3c1143a82891dd05926b63f5a0268020125a96013115846e7e9c4e87bfea7a1b636765f2a719d5e56ac860b1b1fcf57af4d22a29b6dcc2dfbebb93d
-
SSDEEP
24576:+y4SlfhH2MN/QtSntuKtrB6J6eRp7jAW9+OIb:NJfhH2ksSntFtr4JBu
Static task
static1
Malware Config
Targets
-
Target
aae9fa928093560213af1c22f26f53d5e7472d14eed1afcee274056ae8a77e36
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-