General
-
Target
4075c81df37bb3a81539f40b031562d102c3d5a501ced20752acc0cf46acfd59
-
Size
6.6MB
-
Sample
240404-236mqsdg24
-
MD5
c146cfd25a3f1addbe202e646ddc0ab1
-
SHA1
7c592e5ff690216200b7a890df8d3f42eb6058fb
-
SHA256
4075c81df37bb3a81539f40b031562d102c3d5a501ced20752acc0cf46acfd59
-
SHA512
3b95bb5d7777afc423c313e3d2f024d5a72249b092df0aff16ad2fa1b6ce48f3be45e0d8564864f86bbc57bed33c1f526b95cb6e53f493f2295acc1b317c6c65
-
SSDEEP
196608:91OMt9txNNPCKIimIIW4P3EsFiZ8KxMdYoMK6nLM:3OSNhd4PYBrn4
Static task
static1
Behavioral task
behavioral1
Sample
4075c81df37bb3a81539f40b031562d102c3d5a501ced20752acc0cf46acfd59.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-