General
Target: ce9486a6bc3ecc91fb9bf0c0279942b9e8ac76f135f9659209d9056f0c006cf1
Size: 559KB
Sample: 230422-zxldhagg46
MD5: eefe1148125d41eabcddacf7faf65a5b
SHA1: 374df6d0bdf49b015b3d9d9a8ce397b074be725d
SHA256: ce9486a6bc3ecc91fb9bf0c0279942b9e8ac76f135f9659209d9056f0c006cf1
SHA512: 9d3a25ae1949d4d5132b74836b909bf96b59d1304249e49e770e8bd3f3ab1ecbfda3eafdb7d72c015bbc405f42cd144f0725dcd7da366ebd6983c4c151681d9b
SSDEEP: 12288:ay901lCYlRKsRYuJioBa6uLzEcj/W03l6Th:ay6ldmuRDuL4AVMh
Static task
static1
Malware Config
Targets
Target: ce9486a6bc3ecc91fb9bf0c0279942b9e8ac76f135f9659209d9056f0c006cf1
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-