General
-
Target
ed1d240b0400b6bc92553ab49ad8624e24f0c1350071784220880c2925acf2b0
-
Size
706KB
-
Sample
230422-gb6hfada32
-
MD5
dbb52f8484bc76b2371a2cf2f1667ec1
-
SHA1
aaefcc429a4292e5cf5402f645ac0a07082c12c1
-
SHA256
ed1d240b0400b6bc92553ab49ad8624e24f0c1350071784220880c2925acf2b0
-
SHA512
31342a6a3202bf2bf4e8dc0da282a7572134f7b088a676a3612445887bec70598790e76468f4052260cfd1e56ace4770a7bfdb0b08ac98f9faaf14c0e2630965
-
SSDEEP
12288:2y908gvmPv0BjZbKziXYbLmqsxCfLpDmZ8SJ3ndrAJY8c09fZqT0gwARhse:2yD4tKzUILv8Z8SJNrATcuu8sh/
Malware Config
Targets
-
-
Target
ed1d240b0400b6bc92553ab49ad8624e24f0c1350071784220880c2925acf2b0
-
Size
706KB
-
MD5
dbb52f8484bc76b2371a2cf2f1667ec1
-
SHA1
aaefcc429a4292e5cf5402f645ac0a07082c12c1
-
SHA256
ed1d240b0400b6bc92553ab49ad8624e24f0c1350071784220880c2925acf2b0
-
SHA512
31342a6a3202bf2bf4e8dc0da282a7572134f7b088a676a3612445887bec70598790e76468f4052260cfd1e56ace4770a7bfdb0b08ac98f9faaf14c0e2630965
-
SSDEEP
12288:2y908gvmPv0BjZbKziXYbLmqsxCfLpDmZ8SJ3ndrAJY8c09fZqT0gwARhse:2yD4tKzUILv8Z8SJNrATcuu8sh/
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-