General
-
Target
Flow-Launcher-Setup.exe
-
Size
100.5MB
-
Sample
240222-erenjsbd7s
-
MD5
82a7c075123bd2271722e897bbafdba5
-
SHA1
665d8cbb2c5e1ac0c4df0f49110ec4957d93746e
-
SHA256
81fcfb53cd5cb589a418edd62da80390e3fa6f6eae39204c0bea53e3b33df1fa
-
SHA512
ffd3f63174cb9ddc1318e07a348b0f39d7d9c295482c55a6fb1eeeeb37a67a53e90a7749924ddaca6f0b9da98c81e5423dbdc3717a51c140425bfb49ef38792b
-
SSDEEP
3145728:XD4tlz1hOCZQjUaiy0Y1QUlzsi83WKxJtITAn/TN5B:XD+lz1kwQ4aiMZOxnIQ/F
Static task
static1
Behavioral task
behavioral1
Sample
Flow-Launcher-Setup.exe
Resource
win10v2004-20240221-en
Malware Config
Targets
Target
Flow-Launcher-Setup.exe
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-