General
-
Target
5b4de5f8554e5173d72a5ca887c94ce818acae49474c5efd4da527de15e8f6fa
-
Size
1.2MB
-
Sample
230423-xsskxagh9y
-
MD5
6b6b07219e26f49b3d31b1bfbeac3894
-
SHA1
f0731e3eac14666a047179123775ed90d02d4a35
-
SHA256
5b4de5f8554e5173d72a5ca887c94ce818acae49474c5efd4da527de15e8f6fa
-
SHA512
666dc621b30c63deb3416dbca0c974f4c59db5741425cf53cdabf56da120aa5f28920750669e71e1993cb9db6cd7743683071f51ec988ab6317af4a63580a74a
-
SSDEEP
24576:dLJQ+aYD/kHU5ClpZ1SKDtJttwyf6ws1tJ+cJGuFFw:dtQbWAJpsAX6JZJG8
Static task
static1
Malware Config
Targets
-
Target
5b4de5f8554e5173d72a5ca887c94ce818acae49474c5efd4da527de15e8f6fa
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-