General
-
Target
file.exe
-
Size
6.5MB
-
Sample
240423-ya8pvabb6w
-
MD5
5d5da0738299d8893b79a6c926765e5f
-
SHA1
b05c2cfd30ca1c163cb829b7e7e5ea2d6c57d1d1
-
SHA256
53c80bee05d28fe65ab0ae6459753fe7b804c0b68b85faaf828576687ef28ca3
-
SHA512
d9fffe943131e71762f5e2e1ad3d23053069f0f028054be9ec2c8491a6812adadacbf099ab8fa79ca9916ceda14ccaedfe4a0e1e5235871a97145ef77d7b0b26
-
SSDEEP
196608:91OXbE7giOz8u70OteFI7tfL6TCdPeMLN3IA:3OIBOUIECdVLN4A
Malware Config
Targets
-
-
Target
file.exe
-
Size
6.5MB
-
MD5
5d5da0738299d8893b79a6c926765e5f
-
SHA1
b05c2cfd30ca1c163cb829b7e7e5ea2d6c57d1d1
-
SHA256
53c80bee05d28fe65ab0ae6459753fe7b804c0b68b85faaf828576687ef28ca3
-
SHA512
d9fffe943131e71762f5e2e1ad3d23053069f0f028054be9ec2c8491a6812adadacbf099ab8fa79ca9916ceda14ccaedfe4a0e1e5235871a97145ef77d7b0b26
-
SSDEEP
196608:91OXbE7giOz8u70OteFI7tfL6TCdPeMLN3IA:3OIBOUIECdVLN4A
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Windows security bypass
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops file in System32 directory
-