General
-
Target
f143d3532d79d2352b21335032cbc6480a92bce2bf0891059e00316056b07b3e
-
Size
7.3MB
-
Sample
240614-afvhea1aqj
-
MD5
47531a062a4135954b1ade6e3975e3bd
-
SHA1
81cc82411b87b2fa1023dc12a326734beed1f22b
-
SHA256
f143d3532d79d2352b21335032cbc6480a92bce2bf0891059e00316056b07b3e
-
SHA512
96802e5d54771dc43699e0b5497a21778cf808157df2ba5984e8f4d30b7a0717661e03d7d3b483704afd6f65185a58040925f6a313e49b44eed23d64fc7a0883
-
SSDEEP
196608:91OE9OVxUEUiGqgZevO3ZG/g2zwwS12r7n9W1fvwtlW4B:3OoO0/ZG/gOWw9W6lWs
Static task
static1
Behavioral task
behavioral1
Sample
f143d3532d79d2352b21335032cbc6480a92bce2bf0891059e00316056b07b3e.exe
Resource
win7-20240221-en
Malware Config
Targets
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-