General
-
Target
bb07d6f7a706da8578b1d5569f90d0ffe2801366b472d90f3f93b861f9e190ba
-
Size
706KB
-
Sample
230422-h5qjrafc21
-
MD5
198bdc851c719d564a950c71cbce5226
-
SHA1
fb3911dbb5ca5fb0689c2d517576899a2e7de11c
-
SHA256
bb07d6f7a706da8578b1d5569f90d0ffe2801366b472d90f3f93b861f9e190ba
-
SHA512
2cda831171ff56fb2dc9d54337b426052de16f839c734451c173e621304188a8748b7d13acde49459d3908b702273ce219eecbdf00d1a9bf07980f0d71b6e18f
-
SSDEEP
12288:By90UvGGHJ/zo2TLBl7d82H+9BGWZ5jxy0kuy6312oQdr7JY8c0m3Z1lq5X6:By9eohs402V8jU9vTr7TcNY6
Static task
static1
Malware Config
Targets
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-