General
-
Target
65cebb4fe076dd7d0c8b15351312774da8252b3009a3b1d08f730b962877a7b9
-
Size
1.4MB
-
Sample
240429-mb8wfsgb98
-
MD5
f8f63e519a741dd533f4a02294fdfcb7
-
SHA1
18de51990c43de682ec49a6c742e7c69a8b99e60
-
SHA256
65cebb4fe076dd7d0c8b15351312774da8252b3009a3b1d08f730b962877a7b9
-
SHA512
fcb2a33f2c725ce0b81cfdafb739848b5df4e0a7bd719b5f4e7c66c5b3932fa7db57c1e0e8486b624cc4aed27ada3fc2398a4019dfaa024918efc3f097806c78
-
SSDEEP
24576:gfKH/B1FBgDXZNFfZoWe0KVIC9ClKa5IrykTHhQ5NoRyftZZriXWzr6pfKuI/rEZ:6K51rgXteP3Vz9oI2mhoNosVDP+fXYE
Static task
static1
Behavioral task
behavioral1
Sample
65cebb4fe076dd7d0c8b15351312774da8252b3009a3b1d08f730b962877a7b9.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
65cebb4fe076dd7d0c8b15351312774da8252b3009a3b1d08f730b962877a7b9.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
Score
8/10
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-