General
Target: 6241fc5000bfd1094a06b587d5774c0a2289931ff4fd2ccb050096bf8270a728
Size: 828KB
Sample: 230422-kn4q6aff4t
MD5: 50dfc1fefa499184e0fc14ac18245d98
SHA1: 7febb507c595a259fd6378ed7a8b5841689fdc24
SHA256: 6241fc5000bfd1094a06b587d5774c0a2289931ff4fd2ccb050096bf8270a728
SHA512: 508d8f2a2bc36abdb2a2110d82bcd29cfabe6afd3263841541ceec2da3ece7e6f4634bbc03d07cf7fa6f8f34a1dc501d8dd6db4998a80cbc377e409e390d69f0
SSDEEP: 24576:pyg7lIJ0kU1FiEPp4TB2+kED27SEb51ttZtU1N:cgIJMFiEB4sQ9Ev9
Static task
static1
Malware Config
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-