General
Target: 840d80b47aa300ee71d8e8ca6ccf7935bc6cec6aaa5b180c22c537246786beae
Size: 709KB
Sample: 230504-n3csrsdh7y
MD5: eace89394adb903880ff6a63938a88b8
SHA1: 566d9b5590c2659761c0ded16a455349e7c3ad89
SHA256: 840d80b47aa300ee71d8e8ca6ccf7935bc6cec6aaa5b180c22c537246786beae
SHA512: 9cdf2821275a88df8d845e3af90d5be8c4ec48e552502c3c65988fd49c44d396df50356afa66a455e211d143d383cba0a42dbc9dd8f91a80ebe145407c6ca899
SSDEEP: 12288:4Mrdy90qLhIBE2wBEuEDZB+vN4032u4KCdh/76Svm1hJoKt9bXdbL:1yHh2wgv+15Cr6SO1hiqbZL
Static task
static1
Malware Config
Targets
Target
840d80b47aa300ee71d8e8ca6ccf7935bc6cec6aaa5b180c22c537246786beae
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-