General
-
Target
34a0657c9ea5d467c7a8299dc1975b7b200980b4df3b85b2d41eec9216252b4e
-
Size
1.5MB
-
Sample
230420-sqn3gsaf84
-
MD5
9f4141f6d6f4846c23dbaf832e3a0d2a
-
SHA1
599dd76c2eae50484afd964e002f9d00c57c3ec1
-
SHA256
34a0657c9ea5d467c7a8299dc1975b7b200980b4df3b85b2d41eec9216252b4e
-
SHA512
43749868ad4a518287ce35fe17e6639a22bf6427badbc40cc86fe6fa6182dad9838ca7d959d5463b93e8caebd4bdd9890c1853b81f0e13db4942bea150af71ec
-
SSDEEP
49152:+3MO/B0IEP9o6tXr4VwCC677OFamHf5anAb:MMmGPGYXrUwCC6dmHEg
Static task
static1
Malware Config
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-