General
-
Target
e26b40d79d5205a307b093387c124d06bf986fbfaf745f0bc1a5721a064f7cea
-
Size
828KB
-
Sample
230419-rl4rpsba47
-
MD5
9b737815c857e721a6d4b364b167046b
-
SHA1
5873cfb68a06de7abd195aefc9b847678efef5b1
-
SHA256
e26b40d79d5205a307b093387c124d06bf986fbfaf745f0bc1a5721a064f7cea
-
SHA512
b3105fc3a056c32140cf0b700a054387f3958c06402bda90a5690e3e56fb902dbcd07732e751db1b009ad6907882dbdbd7639e6c256e1b77b06b8ebb8b8c0f61
-
SSDEEP
12288:My903cPN3ryHYqsfcDYEbT8yTm6PeFmBINJFOpK+bmlDcsc+1I+bLcj7:MytFby4o5fa6PeFm+J+vqgsc+1JY3
Static task
static1
Malware Config
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-