725bf5a2423aebe392e33a95d519ff0070f06e04dd97ee27d211c6dc46c19768

General

Target

16042024124528724.exe
Size

881KB
Sample

240416-sx2l6afb7y
MD5

10171b262b1469e58eb426f703a87a09
SHA1

e3265da31d8cd8d6a0cffaa7cf3996d7e0ed9490
SHA256

725bf5a2423aebe392e33a95d519ff0070f06e04dd97ee27d211c6dc46c19768
SHA512

eeaa125c78150d7d2621f2d247151fa45b1eb32214c93f9715c17afcd434a57d87b5a9dfbb1f698f120d4d0e9bc4196ce1eeefb2e9a3f383adabbacb91ab0647
SSDEEP

24576:HDgVtWN/pm/avooyRDtwZknjS6zVTStNfXvt/u8u:cpoxkj/xuXdux

Score

7^/10

Malware Config

Targets

- Target
  
  16042024124528724.exe
- Size
  
  881KB
- MD5
  
  10171b262b1469e58eb426f703a87a09
- SHA1
  
  e3265da31d8cd8d6a0cffaa7cf3996d7e0ed9490
- SHA256
  
  725bf5a2423aebe392e33a95d519ff0070f06e04dd97ee27d211c6dc46c19768
- SHA512
  
  eeaa125c78150d7d2621f2d247151fa45b1eb32214c93f9715c17afcd434a57d87b5a9dfbb1f698f120d4d0e9bc4196ce1eeefb2e9a3f383adabbacb91ab0647
- SSDEEP
  
  24576:HDgVtWN/pm/avooyRDtwZknjS6zVTStNfXvt/u8u:cpoxkj/xuXdux
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  1128ee61dffa0a97d30b2f828235b289
- SHA1
  
  b552f3d4f13894f2f30fb446893093ca78fe149c
- SHA256
  
  1e33decac84bdd2b3a651c969258f8e6c90616e9ec35de6ab4f402709555ce4c
- SHA512
  
  d470356be436997fc53c17b8546cc80b187538ad2f258788761b92c28d91ef733fe6d8b3b33c353d84d1e0ae089207efd1ebfde33a6d33d5a341960e7bcfc8f5
- SSDEEP
  
  96:E7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN738:5N8KgWAuLWxD8ZAGgmkN
Score

3^/10
behavioral3 behavioral4