General
-
Target
3dfa782678cbffcc92fc97b6c4ace9ff1898b76bdb2fcd6d382d2bd20ce588b1
-
Size
493KB
-
Sample
240428-y7py1agf6z
-
MD5
b5cb180e0403583889e7aae8297db9e4
-
SHA1
a5bd6722dad912944c7e924c8efc0b047cba1ab6
-
SHA256
3dfa782678cbffcc92fc97b6c4ace9ff1898b76bdb2fcd6d382d2bd20ce588b1
-
SHA512
5560d1acabd5d48ef8d123987537dc5321327f6ec96aac25417fb059c200846f46f9f074b13ae16cc6da3b14f072cf2ba31f4c7c4b1d434977e30ba88b129581
-
SSDEEP
12288:S+qYt531sYtGVWpPz4IDlwLV1nWGYAZeAEdmSL6nju:Sdw5GVW54IBEV1jAmy6ju
Malware Config
Targets
-
-
Target
3dfa782678cbffcc92fc97b6c4ace9ff1898b76bdb2fcd6d382d2bd20ce588b1
-
Size
493KB
-
MD5
b5cb180e0403583889e7aae8297db9e4
-
SHA1
a5bd6722dad912944c7e924c8efc0b047cba1ab6
-
SHA256
3dfa782678cbffcc92fc97b6c4ace9ff1898b76bdb2fcd6d382d2bd20ce588b1
-
SHA512
5560d1acabd5d48ef8d123987537dc5321327f6ec96aac25417fb059c200846f46f9f074b13ae16cc6da3b14f072cf2ba31f4c7c4b1d434977e30ba88b129581
-
SSDEEP
12288:S+qYt531sYtGVWpPz4IDlwLV1nWGYAZeAEdmSL6nju:Sdw5GVW54IBEV1jAmy6ju
Score9/10-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers
-
Detects executables containing base64 encoded User Agent
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-