General
-
Target
7860ec04f910a69984ce4d5344860fbf5a6d03d29cd993200155cb5f5e96ee4f
-
Size
567KB
-
Sample
230423-pkmexseh6v
-
MD5
fa77efaa088b3328b43fdc0833d9ec11
-
SHA1
9c9aecce99dfb85bc393cbc6ab579a28af911409
-
SHA256
7860ec04f910a69984ce4d5344860fbf5a6d03d29cd993200155cb5f5e96ee4f
-
SHA512
bd0feaa24fb4fa6c7e705e16f51edd8e337a989a1506dcc1906fb6ef391badd00a3033beac074a76370f704d9531e84f057575771f99c28a404853a891d1f18d
-
SSDEEP
12288:fy90h+MfrBbG6l55rYkd43toI9PPuCk7JAK3zj3+oGl:fygDBb9l5Kk4CIMxn3PGl
Malware Config
Targets
-
-
Target
7860ec04f910a69984ce4d5344860fbf5a6d03d29cd993200155cb5f5e96ee4f
-
Size
567KB
-
MD5
fa77efaa088b3328b43fdc0833d9ec11
-
SHA1
9c9aecce99dfb85bc393cbc6ab579a28af911409
-
SHA256
7860ec04f910a69984ce4d5344860fbf5a6d03d29cd993200155cb5f5e96ee4f
-
SHA512
bd0feaa24fb4fa6c7e705e16f51edd8e337a989a1506dcc1906fb6ef391badd00a3033beac074a76370f704d9531e84f057575771f99c28a404853a891d1f18d
-
SSDEEP
12288:fy90h+MfrBbG6l55rYkd43toI9PPuCk7JAK3zj3+oGl:fygDBb9l5Kk4CIMxn3PGl
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-