General
-
Target
7dc68e30775bd687cdb9cfb5a60110ac3e9e3298873149366019c87e6289d66b
-
Size
479KB
-
Sample
230506-hkw6ssgd24
-
MD5
59549121044ca83a340dc25cf4648e4f
-
SHA1
d559e1058fbf218608f983c5172e66a4a98b766d
-
SHA256
7dc68e30775bd687cdb9cfb5a60110ac3e9e3298873149366019c87e6289d66b
-
SHA512
870235c7715cfeaa6894011aa217afa84e8450d0e1c7902c4f41db80479fadfc1e9c1026a54a51d56e69ad174301ce1536496111374fc81723b61bf555a7b52d
-
SSDEEP
12288:FMrYy9066Zmfbw1jK4XR3671510WaW2zaLtxOuPGIv:hyHemfbcjK4XRw510WavaLD/G+
Static task
static1
Malware Config
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-