General
Target: 94e5061b68fabeb4bc860c8947f3671335636228e7a766803565c9cc9d352c13
Size: 653KB
Sample: 230426-wlhlpach2t
MD5: dd37ad41e459abe8e42233a21e5f8f3e
SHA1: 1337fc94726d1dea557dab93b377d75b0c715a6e
SHA256: 94e5061b68fabeb4bc860c8947f3671335636228e7a766803565c9cc9d352c13
SHA512: 56cbb4b24dc65b155144a6b7ad1f63e505c99220e4873b3868c527789f552ec1c4a88d80c1c597a633e610a463857b0b56a5d658d1f21bb23512c6a5ca78bd04
SSDEEP: 12288:yy90eawgg3hl2LbekRJh2s+uHedpe2PGzE3vNBlZOWgB0to:yygwTIP7Ysnedk2/vNwWzo
Static task: static1
Malware Config
Targets
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext