General
-
Target
2f87ce7e4e0e4b5eb907c3b52c0596b03a10d908813799185a6904da4ba769c8
-
Size
7.2MB
-
Sample
240502-183btsaa53
-
MD5
8d3c3fcd84c4cea7621e1d151c3a02bc
-
SHA1
26bbc2a5e28d186efd9ee9080110762a286f882d
-
SHA256
2f87ce7e4e0e4b5eb907c3b52c0596b03a10d908813799185a6904da4ba769c8
-
SHA512
fb4739d1de7658ac34e792d55901c2ef72f27e40430bcf629334e0b73314e1e03efcb229c44f0083c927e6b7a97cc8bff189913c72ffab1a6d829d1d2b536b06
-
SSDEEP
196608:91OyK42rwfwdLKpNFcpsC9vmb8OfhTigyoYYo2KYUlO:3OyK42PKnFmOfJZyoYgQO
Malware Config
Targets
-
-
Target
2f87ce7e4e0e4b5eb907c3b52c0596b03a10d908813799185a6904da4ba769c8
-
Size
7.2MB
-
MD5
8d3c3fcd84c4cea7621e1d151c3a02bc
-
SHA1
26bbc2a5e28d186efd9ee9080110762a286f882d
-
SHA256
2f87ce7e4e0e4b5eb907c3b52c0596b03a10d908813799185a6904da4ba769c8
-
SHA512
fb4739d1de7658ac34e792d55901c2ef72f27e40430bcf629334e0b73314e1e03efcb229c44f0083c927e6b7a97cc8bff189913c72ffab1a6d829d1d2b536b06
-
SSDEEP
196608:91OyK42rwfwdLKpNFcpsC9vmb8OfhTigyoYYo2KYUlO:3OyK42PKnFmOfJZyoYgQO
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Windows security bypass
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-