General
-
Target
09a4ee7172282f87f7165a43c3e20f14
-
Size
53KB
-
Sample
231230-bjszesadg2
-
MD5
09a4ee7172282f87f7165a43c3e20f14
-
SHA1
b0a2ddd2d32f580fad0ec9b75e977c62fd4fd381
-
SHA256
752536b688fa896ba0ba7341bc2cc56be3ef6621f317d2dc5fed268920b33bd9
-
SHA512
304e9fbc0921b050920017087f33f02fb9900524b6182dd64fe2abcfbd7f0d79e496913b5bfab009f8008d6386f980fe65f29e16ffe2db89d298e7fff878bbf5
-
SSDEEP
1536:lsyqFguK7hKM1vd+XWdu1w2ksbvSjzdmxWP:lJhhKU1+XWdJ2kjjzdDP
Malware Config
Targets
-
-
Target
09a4ee7172282f87f7165a43c3e20f14
-
Size
53KB
-
MD5
09a4ee7172282f87f7165a43c3e20f14
-
SHA1
b0a2ddd2d32f580fad0ec9b75e977c62fd4fd381
-
SHA256
752536b688fa896ba0ba7341bc2cc56be3ef6621f317d2dc5fed268920b33bd9
-
SHA512
304e9fbc0921b050920017087f33f02fb9900524b6182dd64fe2abcfbd7f0d79e496913b5bfab009f8008d6386f980fe65f29e16ffe2db89d298e7fff878bbf5
-
SSDEEP
1536:lsyqFguK7hKM1vd+XWdu1w2ksbvSjzdmxWP:lJhhKU1+XWdJ2kjjzdDP
Score8/10-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-