General
Target: c10206561af98fa52ccc9d7c1e5ddc3d580713f2d80aab6acbe205c20020a381.exe
Size: 729KB
Sample: 240213-fpvgnacg7v
MD5: 4d651b2a8a6b64e94a95899f6b96cfdb
SHA1: d4a2f6134cd705c5b1e39e7ad9834d333272b921
SHA256: c10206561af98fa52ccc9d7c1e5ddc3d580713f2d80aab6acbe205c20020a381
SHA512: c10137446cdce9d0d3b99a91fd404789659aeffd2f8524ddcb30776d8674d7e380b873be7b086236c6648c391fd75211afee1a6ba96fd1fb48e6c07ccede27bc
SSDEEP: 12288:4h1Fk70Tnvjc343H98AI+djRA/9gdcumaN04mInO2+Dnr0qgGWGa8e/91uTc:Ok70Trc343H9rI+djYGeumaN1mInO2Uy
Static task: static1
Behavioral task: behavioral1
Sample: c10206561af98fa52ccc9d7c1e5ddc3d580713f2d80aab6acbe205c20020a381.exe
Resource: win7-20231215-en
Malware Config
Targets
- Detects executables packed with unregistered version of .NET Reactor
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext