General
- Target: 02f9d934611ef8599b3021f0f9b8937c917eb932b1f36b276e7f04df582af1d9
- Size: 599KB
- Sample: 230504-nhmggadg6s
- MD5: d069ee8e1959f416e3c2242de9b54273
- SHA1: 07d1d8f6ffbb0835e07b78444fbbd989d69b1d44
- SHA256: 02f9d934611ef8599b3021f0f9b8937c917eb932b1f36b276e7f04df582af1d9
- SHA512: 73496c80b0b404ae894b359fd7cebc01e1af0d4f698d4c7381e10d0d6cb700078da9ec88a39e21aa848efd65c35d16a60093a838788531169d5fbaea435cf97b
- SSDEEP: 12288:/Mroy90WQXcnP/CWoX1IoFmh/oYqEGzwWdCkuW3uwNS:XyBcOjgaoMhq/7dC+uwNS
- Static task: static1
Malware Config
Targets
- Target: 02f9d934611ef8599b3021f0f9b8937c917eb932b1f36b276e7f04df582af1d9
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext