General
-
Target
9a514c75d2de0c9412c5f55677822bf339db1bff6ab99540b06b3441e6b1a299
-
Size
1.4MB
-
Sample
240312-n449eaab42
-
MD5
72681299c22489487a7254eb26ae8589
-
SHA1
1818b6a7ef75332604bacd26b9910223294869bb
-
SHA256
9a514c75d2de0c9412c5f55677822bf339db1bff6ab99540b06b3441e6b1a299
-
SHA512
e0d1c25fc9811fa76c7e99159b9083d059fa5e31381dd28947241ab93f2d8067cc7c0a3f2d0f4689150c1ec2a61fb192df92e6d16d12cecd2a07a8d42dc93ffe
-
SSDEEP
24576:nvKqHgnhSC0badP0QiPYnSFELlFFx0A4cAhPSNfL1JD/tbOFmHkrEH7W:vKqAsadP0QiPzEz0AVISNT1JtMyy
Static task
static1
Behavioral task
behavioral1
Sample
9a514c75d2de0c9412c5f55677822bf339db1bff6ab99540b06b3441e6b1a299.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9a514c75d2de0c9412c5f55677822bf339db1bff6ab99540b06b3441e6b1a299.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Target
9a514c75d2de0c9412c5f55677822bf339db1bff6ab99540b06b3441e6b1a299
-
Score
8/10
-
Modifies AppInit DLL entries
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-