General

  • Target

    7b572a92bb2b99f1e7329f08469f79f6

  • Size

    491KB

  • Sample

    240127-1fwzcacgf2

  • MD5

    7b572a92bb2b99f1e7329f08469f79f6

  • SHA1

    856e8dd0873309ce538edf8c3b7cf24cb57dc999

  • SHA256

    8625d76b98dcbb75c19dfcbd9d2d054d42a144d04dc026ee9ec237242ce237a2

  • SHA512

    d12f6076b4e141db53c8d0694a318b22fa6266ff2901f4663bc2e3cb3d78ba401195716a8383d639cdfa5944d4711384c1341ca9d03087fa4c1b1ccda8935d12

  • SSDEEP

    6144:gVpz8h8OG95o61lYkvvA3s9eDQAJmfXLAtcm39Ztun7az2+jzp9KM2T8:g6Cg61ikvvA3sXT87keac

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    19112589

    These are the operator's exfiltration mailbox credentials, extracted from the sample's configuration rather than harvested from a victim: the stealer authenticates to smtp.gmail.com on submission port 587 and mails collected data to that account. Treat the account as an indicator to report to the provider, and the host/port pair used by a non-mail process as a network detection.

Targets

    • Target

      7b572a92bb2b99f1e7329f08469f79f6

    • Modifies Installed Components in the registry

      Active Setup's Installed Components keys run their StubPath command once per user at logon, a persistence mechanism.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and autofill entries.

    • Adds Run key to start application

      Registry Run-key persistence: the application is launched again at each user logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
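To make the signature list above actionable, here is an added example (not part of the Tria.ge report or of the sample) of a small triage script that maps constructed sandbox-style trace events to those same signatures, correlating dropped files with their later execution and flagging the SMTP exfiltration endpoint from the extracted config when a non-mail process uses it. The event schema, registry paths, IP lookup hosts, mail-client names and browser store file names are assumptions; only smtp.gmail.com:587 comes from the report.

```python
"""Map sandbox-style trace events to the behaviour signatures listed in this report.

Added example, not part of the Tria.ge report or of the sample. The event schema,
registry paths, IP lookup hosts, mail-client names and browser store file names
are assumptions made for illustration; only smtp.gmail.com:587 comes from the
extracted config above.
"""
from collections import defaultdict

# Assumed registry locations behind the two registry signatures.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)
# Example public IP lookup services (assumption; the report does not name one).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.dyndns.org"}
# Exfiltration endpoint from the extracted SMTP config.
EXFIL_SMTP = ("smtp.gmail.com", 587)
# Processes expected to speak SMTP submission legitimately (assumption).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Browser credential/cookie store file names (Chromium and Firefox; assumption).
BROWSER_STORES = {"login data", "cookies", "logins.json", "key4.db"}


def basename(path):
    """Last component of a Windows-style path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return {signature: [event indices]} for an ordered list of trace events.

    Dropped-file execution is correlated statefully: a process_create or
    image_load only counts when its path was previously written by the sample.
    """
    hits = defaultdict(list)
    dropped = set()
    for i, ev in enumerate(events):
        kind = ev["type"]
        proc = basename(ev.get("image", ""))
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create" and ev["path"].lower() in dropped:
            hits["Executes dropped EXE"].append(i)
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hits["Loads dropped DLL"].append(i)
        elif kind == "file_read" and basename(ev["path"]) in BROWSER_STORES:
            hits["Reads user/profile data of web browsers"].append(i)
        elif kind == "registry_read" and ev["key"].lower() == GEO_NATION_KEY.lower():
            hits["Checks computer location settings"].append(i)
        elif kind == "registry_write" and ev["key"].lower().startswith(
            tuple(k.lower() for k in RUN_KEYS)
        ):
            hits["Adds Run key to start application"].append(i)
        elif kind == "network_connect":
            host, port = ev["host"].lower(), ev["port"]
            if host in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(i)
            # Submission-port traffic from anything but a mail client is the exfil tell.
            if (host, port) == EXFIL_SMTP and proc not in MAIL_CLIENTS:
                hits["SMTP exfiltration to extracted mailbox"].append(i)
    return dict(hits)


SAMPLE = r"C:\Users\victim\Desktop\sample.exe"
DROP_EXE = r"C:\Users\victim\AppData\Roaming\svchost32.exe"
DROP_DLL = r"C:\Users\victim\AppData\Roaming\helper.dll"

# Constructed trace in execution order (illustrative, not the sandbox's real output).
SAMPLE_EVENTS = [
    {"type": "registry_read", "image": SAMPLE, "key": GEO_NATION_KEY},
    {"type": "file_write", "image": SAMPLE, "path": DROP_EXE},
    {"type": "file_write", "image": SAMPLE, "path": DROP_DLL},
    {"type": "process_create", "image": SAMPLE, "path": DROP_EXE},
    {"type": "image_load", "image": DROP_EXE, "path": DROP_DLL},
    {"type": "registry_write", "image": DROP_EXE,
     "key": RUN_KEYS[0] + r"\svchost32", "data": DROP_EXE},
    {"type": "file_read", "image": DROP_EXE,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "network_connect", "image": DROP_EXE, "host": "api.ipify.org", "port": 443},
    {"type": "network_connect", "image": DROP_EXE, "host": "smtp.gmail.com", "port": 587},
    # Benign control: a real mail client on the same submission port is not flagged.
    {"type": "network_connect",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "host": "smtp.gmail.com", "port": 587},
]

if __name__ == "__main__":
    for sig, idx in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: events {idx}")
```

The stateful `dropped` set is the part worth copying: matching "executes dropped EXE" on a single event is not possible, it needs the earlier file write by the sample, which is also why the sandbox reports it as a distinct signature from plain process creation.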
