General
- Target: f036b31815c8e5a9cd2baa8383a622ccaee7f7b585d5b729895f418aac8453bf
- Size: 560KB
- Sample: 230422-ym477age23
- MD5: 19ded4c750d8f91b4e578de94d8a5efa
- SHA1: bec04a16b7fbad72dfee171ac6814640a7c75363
- SHA256: f036b31815c8e5a9cd2baa8383a622ccaee7f7b585d5b729895f418aac8453bf
- SHA512: af0674c090d6b35977bb8e482423ade45970244d91a976a54d9b9f62e76d57ef500c4942dd1920466e6e9dad3bc4e7482317356b4928874d4d4e642a7c43c4b1
- SSDEEP: 12288:Uy90sLUQaAGDJwyFgIw40hSeZhG5aLGlAXhWgx9q:UynYQWDtFgIwh0eZo5aCUnq
Static task
static1
Malware Config
Targets
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.