General
Target: e3a7e167990a6da26cd64b33a9d678b9874cbc2f180446d72ff9413fff6e0686
Size: 1.1MB
Sample: 230426-xcedcada61
MD5: cb3361883743170c0155cda12ada9348
SHA1: 3ef933ed740e61f9b9a895ab532bec382fc9eb8b
SHA256: e3a7e167990a6da26cd64b33a9d678b9874cbc2f180446d72ff9413fff6e0686
SHA512: dd959101c759956f718b0165ea2de4941e876cffb511130a016ce13d0bbd58a78c0614d31d3584c10e5a9175f7eeaa3dd0f958a9123244fc6f5e907157c23831
SSDEEP: 24576:NyMJllRzuf7Ks7tjtXVpMjQ9wjnIk2dZNAtW+as:ooNqGajxVpCxzd8n2

Static task: static1
Malware Config

Targets
Target: e3a7e167990a6da26cd64b33a9d678b9874cbc2f180446d72ff9413fff6e0686
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Suspicious use of SetThreadContext