General
-
Target
2c58386b951be5401ad6e43305ab8c8eca740bc1f705995b9112421693bb7c3d
-
Size
479KB
-
Sample
230506-e27r3sga48
-
MD5
3f01d9d851bf440c6d690c07f75d7410
-
SHA1
37460d4fd2705a720751d18f134f50e000926b5d
-
SHA256
2c58386b951be5401ad6e43305ab8c8eca740bc1f705995b9112421693bb7c3d
-
SHA512
e2a233ee35653f9e1005bc78cd7b501aabef72d1731b3daeada3fe423d85f1c122f75f8e6efc8393a418f61e96e84831a7cae72796d622828d3de3e5ab6c5aa0
-
SSDEEP
6144:KUy+bnr+5p0yN90QE4uttZZZXrZylp9MrnzmQ4pE6E1pPRw4RXWKBiyvstV:oMrZy90NV7krMrnzm86EnO4XpBjvstV
Static task
static1
Malware Config
Targets
-
-
Target
2c58386b951be5401ad6e43305ab8c8eca740bc1f705995b9112421693bb7c3d
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-