General
-
Target
1023f1c2b352fbf8b1a44ebefad3ff8568c416cea65a32c27384475941ad7449
-
Size
828KB
-
Sample
230422-eg386acc94
-
MD5
4e10569d22b0692845425fb72f91d379
-
SHA1
7cd3406ba2aa867a5dfb5eca8e1e4682f21b242c
-
SHA256
1023f1c2b352fbf8b1a44ebefad3ff8568c416cea65a32c27384475941ad7449
-
SHA512
7bc4cfd7fbd8a8ee40c9ad83c53af3af7543efae8db156150f7d439b32b93be8589f76170de1afdbddbf4e0bd7804065622ffbc7ddbc2557fb5b69174b3a3f01
-
SSDEEP
12288:wy90U5G+q6/+yIsG+r+Ke966wxfr1iFOOisAhoDX88NkH+vs/BdXkIUYPos5:wymW/XC+rvA6MFOxuY8nyNkY5
Static task
static1
Malware Config
Targets
-
-
Target
1023f1c2b352fbf8b1a44ebefad3ff8568c416cea65a32c27384475941ad7449
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-