General
-
Target
1d8848fab3c1b40c63ff1f16c15b9bdb07c52851fd73814c3e7a491a81b1dfaa
-
Size
7.2MB
-
Sample
231103-awxygabe69
-
MD5
843e10f79eb11537659c86c6dfd89287
-
SHA1
7c2e78a06669dfcd66a2f0570927f6dc25a90c1c
-
SHA256
1d8848fab3c1b40c63ff1f16c15b9bdb07c52851fd73814c3e7a491a81b1dfaa
-
SHA512
2b324f98a4dd43b6ef320673f4130f7af98c4b58c693c0b9e96ded35866015a7cf11e3fc435a0eca65c755e05abb5f7920868c2adbfb87d35285f6d2b4770f76
-
SSDEEP
196608:91ONv/mi1tAydUqHpImwO+Drjo7818pgeXJv:3ONvOiky6qHpIzfSpgeXB
Static task
static1
Malware Config
Targets
-
Target
1d8848fab3c1b40c63ff1f16c15b9bdb07c52851fd73814c3e7a491a81b1dfaa
-
Size
7.2MB
-
MD5
843e10f79eb11537659c86c6dfd89287
-
SHA1
7c2e78a06669dfcd66a2f0570927f6dc25a90c1c
-
SHA256
1d8848fab3c1b40c63ff1f16c15b9bdb07c52851fd73814c3e7a491a81b1dfaa
-
SHA512
2b324f98a4dd43b6ef320673f4130f7af98c4b58c693c0b9e96ded35866015a7cf11e3fc435a0eca65c755e05abb5f7920868c2adbfb87d35285f6d2b4770f76
-
SSDEEP
196608:91ONv/mi1tAydUqHpImwO+Drjo7818pgeXJv:3ONvOiky6qHpIzfSpgeXB
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
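Three of the signatures above (BIOS information, computer location settings, installed software) are all registry reads against well-known keys, and the same logic can be run over any registry-access trace to reproduce them outside the sandbox. The Python below is an added example, not code from this report or from the sandbox's own signature engine: the key paths are the standard Windows locations for these settings (an assumption about what each signature watches, not values taken from the report), the pipe-separated event format is made up for the example, and the sample events are constructed, not captured from this sample.

```python
"""Map registry-access events to the report's registry-based signatures.

Added example. The key paths are standard Windows locations chosen for
illustration, and the event lines are constructed, not taken from the report.
"""
import re
from collections import defaultdict

# Watched keys/values per signature. Prefix match, so any value under a key hits.
SIGNATURE_PATHS = {
    "Checks BIOS information in registry": (
        r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
        r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
        r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    ),
    "Checks computer location settings": (
        r"HKCU\Control Panel\International\Geo\Nation",
    ),
    "Checks installed software on the system": (
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
        r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    ),
}

# Kernel/ETW-style registry paths rewritten to the hive abbreviations used above,
# so traces from different monitoring tools compare against the same prefixes.
_HIVE_ALIASES = (
    (re.compile(r"^\\REGISTRY\\MACHINE", re.I), "HKLM"),
    (re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[0-9-]+", re.I), "HKCU"),
    (re.compile(r"^HKEY_LOCAL_MACHINE", re.I), "HKLM"),
    (re.compile(r"^HKEY_CURRENT_USER", re.I), "HKCU"),
)


def normalize_path(path: str) -> str:
    """Canonicalise a registry path: trim, drop trailing backslash, map hive names."""
    path = path.strip().rstrip("\\")
    for pattern, hive in _HIVE_ALIASES:
        path = pattern.sub(hive, path, count=1)
    return path


def classify(path: str) -> list[str]:
    """Return the signature names whose watched keys cover `path`."""
    norm = normalize_path(path).lower()
    hits = []
    for name, prefixes in SIGNATURE_PATHS.items():
        for prefix in prefixes:
            p = prefix.lower()
            if norm == p or norm.startswith(p + "\\"):
                hits.append(name)
                break
    return hits


def scan(lines, images=None):
    """Run the signatures over pipe-separated event lines
    (timestamp|pid|image|operation|registry_path) and return, per signature,
    the normalised paths that triggered it.

    `images` optionally restricts the scan to a set of executable basenames
    (for instance the dropped EXE), because explorer.exe, WMI and installers
    read the same keys legitimately and would otherwise produce false positives.
    """
    wanted = {i.lower() for i in images} if images else None
    hits = defaultdict(list)
    for line in lines:
        fields = line.split("|", 4)
        if len(fields) != 5:
            continue  # malformed line: skip it rather than abort the whole scan
        _ts, _pid, image, _op, path = fields
        if wanted is not None and image.rsplit("\\", 1)[-1].lower() not in wanted:
            continue
        for name in classify(path):
            hits[name].append(normalize_path(path))
    return {name: hits[name] for name in SIGNATURE_PATHS}


# Constructed trace: what a registry monitor might emit for a dropped EXE plus
# ordinary system activity. Not taken from the report.
SAMPLE_EVENTS = [
    r"2023-11-03T10:00:01|4120|C:\Users\admin\AppData\Local\Temp\drop.exe|RegQueryValue|\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"2023-11-03T10:00:01|4120|C:\Users\admin\AppData\Local\Temp\drop.exe|RegQueryValue|\REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\Control Panel\International\Geo\Nation",
    r"2023-11-03T10:00:02|4120|C:\Users\admin\AppData\Local\Temp\drop.exe|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"2023-11-03T10:00:02|4120|C:\Users\admin\AppData\Local\Temp\drop.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"2023-11-03T10:00:03|1304|C:\Windows\explorer.exe|RegQueryValue|HKCU\Control Panel\International\Geo\Nation",
    r"2023-11-03T10:00:03|812|C:\Windows\System32\svchost.exe|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    "garbage line without the expected fields",
]

if __name__ == "__main__":
    for name, paths in scan(SAMPLE_EVENTS, images={"drop.exe"}).items():
        print(f"{name}: {paths}")
```

Restricting the scan to the dropped executable's image name is the important part: run without the filter, the same trace also attributes the location and BIOS reads to explorer.exe and svchost.exe, which is exactly the noise a sandbox has to discard before it reports these as signatures of the sample.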