General
-
Target
file
-
Size
7.2MB
-
Sample
231210-t9n29sgcbr
-
MD5
be2329aacf0ac6781b7c207d6676724c
-
SHA1
6c373de945d25c36e9e7edecb6f581ec3cf1f4d5
-
SHA256
380f3aca1a1e0523dddf08971e9f5b67df52867e422c26276de10dfe4624f133
-
SHA512
135aaf409cd7e27c6242992ef39fe4d46382f347b416154a1ea18b6e4b68209a9039718f8c8669c25fd856e521042e60accf6091b85c3015e0f1fd98d6f09c1b
-
SSDEEP
196608:91OK53hVQoIfLm5eKi1fXuQuEXw8puGGzRUj+VNm+H:3OKZrs7fdg8TUWBC
Malware Config
Targets
-
-
Target
file
-
Size
7.2MB
-
MD5
be2329aacf0ac6781b7c207d6676724c
-
SHA1
6c373de945d25c36e9e7edecb6f581ec3cf1f4d5
-
SHA256
380f3aca1a1e0523dddf08971e9f5b67df52867e422c26276de10dfe4624f133
-
SHA512
135aaf409cd7e27c6242992ef39fe4d46382f347b416154a1ea18b6e4b68209a9039718f8c8669c25fd856e521042e60accf6091b85c3015e0f1fd98d6f09c1b
-
SSDEEP
196608:91OK53hVQoIfLm5eKi1fXuQuEXw8puGGzRUj+VNm+H:3OKZrs7fdg8TUWBC
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Windows security bypass
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-