General
-
Target
15f201041269dc9b88921722e6bedca8ba15c6543d99402ce22946d7444754ef
-
Size
1019KB
-
Sample
230422-b6p62sde5w
-
MD5
87c04fc87455a8b7365edb6c1ac66aac
-
SHA1
800e6e9cf0ca7a86bd7667fe6f649fcda2b3dffb
-
SHA256
15f201041269dc9b88921722e6bedca8ba15c6543d99402ce22946d7444754ef
-
SHA512
18b8c0d1fd721b96c957ccb1079db2fd056a291a3bdf998c5f46fed69b29ba0a6c7ae6da31dcc7dc61928f1aceb36d3165ac892e1fc769c30084aaabfcf96d7f
-
SSDEEP
24576:By924B1TKIwrEIyBgvVSZXOD/e/fc/MH8KNchiBhz:0924BcIGoeNSZXOb6fc/nKNco
Malware Config
Targets
-
-
Target
15f201041269dc9b88921722e6bedca8ba15c6543d99402ce22946d7444754ef
-
Size
1019KB
-
MD5
87c04fc87455a8b7365edb6c1ac66aac
-
SHA1
800e6e9cf0ca7a86bd7667fe6f649fcda2b3dffb
-
SHA256
15f201041269dc9b88921722e6bedca8ba15c6543d99402ce22946d7444754ef
-
SHA512
18b8c0d1fd721b96c957ccb1079db2fd056a291a3bdf998c5f46fed69b29ba0a6c7ae6da31dcc7dc61928f1aceb36d3165ac892e1fc769c30084aaabfcf96d7f
-
SSDEEP
24576:By924B1TKIwrEIyBgvVSZXOD/e/fc/MH8KNchiBhz:0924BcIGoeNSZXOb6fc/nKNco
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-