General
Target: 7a457e55b9a075457ad7d877e49dbf2a01adedd935beb92149ea2cd2064a75d4
Size: 966KB
Sample: 230422-e97r2see5t
MD5: a409dbe026a2b20afc3e2fe08b3f927a
SHA1: 38079741d5537ed22448c698492c8a2f44eaa553
SHA256: 7a457e55b9a075457ad7d877e49dbf2a01adedd935beb92149ea2cd2064a75d4
SHA512: c9203b4ed7301d7bbdb284b8a5e3aad1b7ec10d1c6a7a04c53a7783a257c4d4a993e6a4cd211e128cac1cb99798582c0f8ef745256e22f70840a0d13a84d5f9d
SSDEEP: 24576:MyJUhNLZ57IV/n8oczpr+oc3UzodmDcs:7+Q/8ospq3UzodmD
Static task
static1
Malware Config
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-