General
Target: ebea827ffc3c62e9cc7920e55c36037bdf41ad30ca4835f5bc27338a343cce66
Size: 599KB
Sample: 230504-qg5mrsed3s
MD5: 02a270175da65258dc1fddf63a8e93bc
SHA1: edb7640b983f47b2bb312df19ed6b889cee448fd
SHA256: ebea827ffc3c62e9cc7920e55c36037bdf41ad30ca4835f5bc27338a343cce66
SHA512: 8f6f5de6e5d5972cfe4face4cfc31f47b0ee882cb3e22d961d68c407cd2685a514574d925c28009d8e3e06e5a91ba7e28ded2292901b9f7580e308e0651d3b4f
SSDEEP: 12288:YMr7y90ZH9Jg4G7nmgj9CCyTH+zPxuUgVKY41n5BeJ3Ulk:DyCHPb0nmgxCjIZII7Vu3Ulk
Static task: static1
Malware Config
Targets
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.