General
-
Target
2fa62c5538ecbb4208996c1c9a9c8aa958f425c4c00aa5b3db0cd2439fa871c3
-
Size
479KB
-
Sample
230506-bwe84ahf7v
-
MD5
d9b133258e5d874529128714df0b2fac
-
SHA1
22048e585bf511c1c3da5b5da4b655e39ac7c253
-
SHA256
2fa62c5538ecbb4208996c1c9a9c8aa958f425c4c00aa5b3db0cd2439fa871c3
-
SHA512
af6fcf2512a320270744f234769dc39b8221c6ea52f67c29261ead8fd3980d382c6b12f78b2ed6821cbf8fd29908c38e091561d5b79e9ad570e7d0a69922f9a8
-
SSDEEP
12288:fMr4y90WTCCMEIIQrWKQREQyi29Qbt9Wl5codqloRh:ny/CbB1qKa2qt9W7cosmT
Static task
static1
Malware Config
Targets
-
-
Target
2fa62c5538ecbb4208996c1c9a9c8aa958f425c4c00aa5b3db0cd2439fa871c3
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-