General
- Target: 84a0680522e3f9066104df8c126dfb911cd4ca5e53ab08c0203b7ca8d6b1d034
- Size: 599KB
- Sample: 230504-nw7dssdh4v
- MD5: 6fe9347d8764c1f3b8e06f589258ab6e
- SHA1: 252a46cc6c55dc743c6f3dc7733027813219633f
- SHA256: 84a0680522e3f9066104df8c126dfb911cd4ca5e53ab08c0203b7ca8d6b1d034
- SHA512: 36af4419dea2593721e5ab15374a8b888b0edb2e69f8b3512b96c15b8a67a79e5bc6d00c793aba3e5532ae25c3fd6fed4ba5b85aa8854274ef5b9bf17882e10e
- SSDEEP: 12288:cMrKy90wr9fE7WS7aX0c1e2GgRW3NG8V4e5VVTgFd:GyN+W2akc1e2JW388Vb5VVTgf
- Static task: static1
Malware Config
Targets
- Target: 84a0680522e3f9066104df8c126dfb911cd4ca5e53ab08c0203b7ca8d6b1d034
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext