General
-
Target
ba24cd54a2256c5a724cb8fed6bd596dfe368bac4fa928716e0157dc048517ea
-
Size
480KB
-
Sample
230505-wcgyssdf9v
-
MD5
b98987e2a88ea7b3773f383c7e0885aa
-
SHA1
951df8fa585100d5e25b9adbeb9d86425fa5431c
-
SHA256
ba24cd54a2256c5a724cb8fed6bd596dfe368bac4fa928716e0157dc048517ea
-
SHA512
3978f0cd1508f12065c418aa2d172e2dd3e58c101b2942f305cf5e6d4d74d77716622cd0e5d671585d16eea1b5503c9f762a9e381d82f4ea8e93ce8a59938914
-
SSDEEP
12288:iMrsy905qkOWrfKAaPDsVxTLaIaWSplZOUw+fsA:yylLWjAPDsV9LYpr0A
Malware Config
Targets
-
-
Target
ba24cd54a2256c5a724cb8fed6bd596dfe368bac4fa928716e0157dc048517ea
-
Size
480KB
-
MD5
b98987e2a88ea7b3773f383c7e0885aa
-
SHA1
951df8fa585100d5e25b9adbeb9d86425fa5431c
-
SHA256
ba24cd54a2256c5a724cb8fed6bd596dfe368bac4fa928716e0157dc048517ea
-
SHA512
3978f0cd1508f12065c418aa2d172e2dd3e58c101b2942f305cf5e6d4d74d77716622cd0e5d671585d16eea1b5503c9f762a9e381d82f4ea8e93ce8a59938914
-
SSDEEP
12288:iMrsy905qkOWrfKAaPDsVxTLaIaWSplZOUw+fsA:yylLWjAPDsV9LYpr0A
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-