General
Target: 65601289681a89bc71b62dc3fa5e527004d826f256e7d3c8bcde45f024eb48db
Size: 1.2MB
Sample: 230424-trt6kaeg7v
MD5: 9720009583283aabdd032785281b7499
SHA1: 789d99ee5cf4396413de06523685ca84fa63215b
SHA256: 65601289681a89bc71b62dc3fa5e527004d826f256e7d3c8bcde45f024eb48db
SHA512: 00126ec5b2e9cc0a759dd9f2ebf6041dc92f0764752ac2ec9c8cd3406253bfcf58a1b349a50d5b8cbf3b3575ad46c5cbd5a8eaa4e541dc6eaf43f4edc39317c2
SSDEEP: 24576:OVQCVvyI/k4Zf9YMGp77zdd0ZKUNk9e0KUDsM1dpkJNK35m:OVtvhk499YMGVzddAge0KUDsiyNK
Static task
static1
Malware Config
Targets
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.