General
-
Target
f657ee434c7dd87315b9c9881c8c23a534abda8e86fe70e115949635391bdc5e
-
Size
599KB
-
Sample
230504-rckbpsef7y
-
MD5
112d1b90315771a4ae2fdc7baaad8c9c
-
SHA1
d51f70120033a482fbdff14501d0fbdbf5bf4eca
-
SHA256
f657ee434c7dd87315b9c9881c8c23a534abda8e86fe70e115949635391bdc5e
-
SHA512
dd7e4fe2e3e0d301d2055fbf7422d9ac3f330872136468b6107f0aa057d8c88647e735a5af900f48c2d0b9bf5899362c19c65aa1e447ec221d805ca849de527c
-
SSDEEP
12288:rMrCy90LMkHfEl8JKpyDBwMeTHI6sl4F5YUIQWH30fMdSHf1ejp:hyuJeytwMeTH3AqYUGH30kdStIp
Static task
static1
Malware Config
Targets
-
Target
f657ee434c7dd87315b9c9881c8c23a534abda8e86fe70e115949635391bdc5e
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-