General
-
Target
cd970222395a174fe9dab65140764752e8e3a510f1966353dd95b9bf362855ff
-
Size
376KB
-
Sample
230505-npxwsabg9w
-
MD5
239645f4eccb1eeea49eb81d058677b6
-
SHA1
a374efe3b4cd2823e65998f0a8727ec47ddbc2dc
-
SHA256
cd970222395a174fe9dab65140764752e8e3a510f1966353dd95b9bf362855ff
-
SHA512
5b9a929b800f349bc44e145f66739db8f6f4b28b95139e844808a633d73e662740dc7db9671ac97e9b2c8b52f12422d163abcd0160053ded6b6e342e29e8aa40
-
SSDEEP
6144:Kyy+bnr+ap0yN90QEe3Ri1JT+HvfSevTYD3hjd8q5P1GrsjeI2gm/8KSkDKQxh:2MrSy906i1FqvqJ3lWim/vj
Malware Config
Targets
-
-
Target
cd970222395a174fe9dab65140764752e8e3a510f1966353dd95b9bf362855ff
-
Size
376KB
-
MD5
239645f4eccb1eeea49eb81d058677b6
-
SHA1
a374efe3b4cd2823e65998f0a8727ec47ddbc2dc
-
SHA256
cd970222395a174fe9dab65140764752e8e3a510f1966353dd95b9bf362855ff
-
SHA512
5b9a929b800f349bc44e145f66739db8f6f4b28b95139e844808a633d73e662740dc7db9671ac97e9b2c8b52f12422d163abcd0160053ded6b6e342e29e8aa40
-
SSDEEP
6144:Kyy+bnr+ap0yN90QEe3Ri1JT+HvfSevTYD3hjd8q5P1GrsjeI2gm/8KSkDKQxh:2MrSy906i1FqvqJ3lWim/vj
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-