General
-
Target
Zrzut ekranu 2024-05-17 235529.png
-
Size
50KB
-
Sample
240524-cpzvlahg3s
-
MD5
587bd4ddcb62c4c34b343bd78dbc5653
-
SHA1
84d665d35bcd58f7d5cfcd1ea1da5f71e75619c1
-
SHA256
631ce9b68208a62ff14f6e3a560c4e50862da25f0409e1aa214b1f92494269b0
-
SHA512
b714e6d78e8d4697b86ec0fee8184be8ffb0a86defdc333a291cccfb105d3891934606e325d0adeb8020dd1bfbdc5eeab2b8607f269d197509ea9879991f2c6f
-
SSDEEP
1536:vnQIc4R5QedJK9jfIKwYea0/MpKGtpkcwvouq/IW4+:vZ5QeW9j9DeKpxtOcIz+
Malware Config
Targets
-
-
Target
Zrzut ekranu 2024-05-17 235529.png
-
Size
50KB
-
MD5
587bd4ddcb62c4c34b343bd78dbc5653
-
SHA1
84d665d35bcd58f7d5cfcd1ea1da5f71e75619c1
-
SHA256
631ce9b68208a62ff14f6e3a560c4e50862da25f0409e1aa214b1f92494269b0
-
SHA512
b714e6d78e8d4697b86ec0fee8184be8ffb0a86defdc333a291cccfb105d3891934606e325d0adeb8020dd1bfbdc5eeab2b8607f269d197509ea9879991f2c6f
-
SSDEEP
1536:vnQIc4R5QedJK9jfIKwYea0/MpKGtpkcwvouq/IW4+:vZ5QeW9j9DeKpxtOcIz+
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-