cb63099a1b5f346c2d5f03e035df500de83eebbdf6549a605551ca8bf37774f4

General

Target

Winhost.zip
Size

1.1MB
Sample

240429-rnkfvacf62
MD5

7d606aa88face6163ac6e1c1989e9ceb
SHA1

d100448d014695e44e43d402ba5c958889c61466
SHA256

cb63099a1b5f346c2d5f03e035df500de83eebbdf6549a605551ca8bf37774f4
SHA512

ebbb9b5864646392cabedb766aa5278533aac7d402f5d7b1cea4ae682294a8f45b9545205145cb18683d297f74d2842b176a1e907ed343743fa400043d36894b
SSDEEP

24576:o7Mhd0Wi7fch0To7G6jV3l4uXg5jhuTAyjO9fTs7W3IlmO0:QXzKG6XRXgJhusyo7Zt

Score

10^/10

Malware Config

Targets

- Target
  
  Winhost.dll
- Size
  
  1.0MB
- MD5
  
  b095ad31d55b7317ed0a4dfa02188da4
- SHA1
  
  374670f2775d82f1bb4ebb3baf35d7e4ba9cfc27
- SHA256
  
  e2c05ebcd648404c023232b61dc9ac5ec10df5eaf5c1e48d7ac3e53f0b6437ce
- SHA512
  
  e94a32c9832ae9d01e05ed29e82a675753e40d0ed89a2a9d1a265d2d6d690fdccc1d7041586d2f49488d63ba3afe4e03d7fe7731e2a7dc28c7bcdc03282004ac
- SSDEEP
  
  24576:q5A5tpOMihhYhs5Wjo6jVblMu5kFvhsTuQJwFrHyzu8:qIWBnio63V5kNhsaQYL
Score

1^/10
behavioral1 behavioral2
- Target
  
  Winhost.exe
- Size
  
  139KB
- MD5
  
  b046a025e8e53fbd316629125c687c3d
- SHA1
  
  5fc76dc221a4287b706ecc57834e7ed848d41a46
- SHA256
  
  bc18713902edd2f64cae8d04bf37b8545a10c7882e3d3b1fb6f26a677f27434c
- SHA512
  
  be05f7f721d11733172f91d9aad622a86917ccac0e28817ab54d28d13510654755f40a986300d3b823d91fa041ee806823704e3537b2e31dd9de144ac25f7895
- SSDEEP
  
  3072:uiS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJA8ltE:uiS4ompB9S3BZi0a1G78IVhcSct
Score

10^/10

evasion spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral3 behavioral4