General
-
Target
553ed4ef98e8f09b2ca7448d863817b4b87427c4291d2ae39ff0c5a248b421b2
-
Size
1.1MB
-
Sample
230425-3r4vfadg48
-
MD5
ca31e38327cc7ba9d1085390a55a7a02
-
SHA1
227e79d73e0cc983cb581874831f75f8b3163759
-
SHA256
553ed4ef98e8f09b2ca7448d863817b4b87427c4291d2ae39ff0c5a248b421b2
-
SHA512
bada271317070d092eb253881774703a1cc83b6f01834b4de324c739ebbbd8851364fc4931660d437d38caf1c31df1454f19faa62418fb1c8035c59e01d4c6ff
-
SSDEEP
24576:1yWiG0tP7UAE46mv+yMyWvSW+UXsG6FPx8bu1BIRc:QWiG07E46itrWvSZjtPmaA
Static task
static1
Malware Config
Targets
-
Target
553ed4ef98e8f09b2ca7448d863817b4b87427c4291d2ae39ff0c5a248b421b2
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-