General
-
Target
844bc10762c7e39301e3bb44e498a044476622e2168c5867fc869b6154f6b5c8
-
Size
6.9MB
-
Sample
240425-dm1vjsee2s
-
MD5
5e3cdfe21d21fcd875ae63eaf9c138da
-
SHA1
4d2d2b1c32e6de9da7952d6365d4f8f0a6f3d837
-
SHA256
844bc10762c7e39301e3bb44e498a044476622e2168c5867fc869b6154f6b5c8
-
SHA512
acf3035133590207f0ff5c841549f7ec50e915a490867340d4b0e7554b8ff034000e06a6d41a98d80a6bfa6e64a4be5d95be5e1f6f2ef478b82547f692937fa5
-
SSDEEP
196608:91Og2zjVpYD8vDwJmaHxbS2Os9qP0eEPsg:3Og2tpRvDqRbhOZ0fPsg
Malware Config
Targets
-
-
Target
844bc10762c7e39301e3bb44e498a044476622e2168c5867fc869b6154f6b5c8
-
Size
6.9MB
-
MD5
5e3cdfe21d21fcd875ae63eaf9c138da
-
SHA1
4d2d2b1c32e6de9da7952d6365d4f8f0a6f3d837
-
SHA256
844bc10762c7e39301e3bb44e498a044476622e2168c5867fc869b6154f6b5c8
-
SHA512
acf3035133590207f0ff5c841549f7ec50e915a490867340d4b0e7554b8ff034000e06a6d41a98d80a6bfa6e64a4be5d95be5e1f6f2ef478b82547f692937fa5
-
SSDEEP
196608:91Og2zjVpYD8vDwJmaHxbS2Os9qP0eEPsg:3Og2tpRvDqRbhOZ0fPsg
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Windows security bypass
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-