General
-
Target
27aba6d74280a0746f7e16c9237823cdcbd770564d2d5f8d9bdf1a3cd7a0531c
-
Size
376KB
-
Sample
230505-gx5s2agf46
-
MD5
2bdc44eb810d664472d8d421f120c53a
-
SHA1
ea0b62bcfd54527882d945051e224143fd5f0fa7
-
SHA256
27aba6d74280a0746f7e16c9237823cdcbd770564d2d5f8d9bdf1a3cd7a0531c
-
SHA512
03bae545e9efdd1ab65df2355dbe989746aadb32be08c8331f12bd03cd847776aad12fbb6a4be8e655a85eb6d9cd82becada1c77e8dd9a16740fc8613ee11388
-
SSDEEP
6144:Kzy+bnr+8p0yN90QEG9sTV7v+NLygaTPyYESJM6aXkei+9lt20Tgsj1bdAbX:BMrwy90msM76qi26aX1ATsJYX
Malware Config
Targets
-
-
Target
27aba6d74280a0746f7e16c9237823cdcbd770564d2d5f8d9bdf1a3cd7a0531c
-
Size
376KB
-
MD5
2bdc44eb810d664472d8d421f120c53a
-
SHA1
ea0b62bcfd54527882d945051e224143fd5f0fa7
-
SHA256
27aba6d74280a0746f7e16c9237823cdcbd770564d2d5f8d9bdf1a3cd7a0531c
-
SHA512
03bae545e9efdd1ab65df2355dbe989746aadb32be08c8331f12bd03cd847776aad12fbb6a4be8e655a85eb6d9cd82becada1c77e8dd9a16740fc8613ee11388
-
SSDEEP
6144:Kzy+bnr+8p0yN90QEG9sTV7v+NLygaTPyYESJM6aXkei+9lt20Tgsj1bdAbX:BMrwy90msM76qi26aX1ATsJYX
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-