General
-
Target
0c5e30ee5e8af2e7b089f05434d78766.exe
-
Size
2.2MB
-
Sample
240620-aq7kqayeld
-
MD5
0c5e30ee5e8af2e7b089f05434d78766
-
SHA1
0bb52794b1ca528607a3addcb054c3f1ea3cb373
-
SHA256
29efde654a5474a8920dbde4cac0e1cb411eeec3c86a8888984bb077e5864ff3
-
SHA512
fb5bdb669d9cf2e28ea37d160df06466e9d626efa54b18c0a852f72e19893000c6838edae8ee5dfd8987ddc0ea7f9e401735f9daf310e865a0115801136dc519
-
SSDEEP
24576:2TbBv5rUyXVORdV96JfBYjzkNAwp7TxUZSuQZmdo41ruqo0yyRVJiNMjV+UFfiSg:IBJOr6+wtXmlz9QqaSdXrC
Malware Config
Targets
-
-
Target
0c5e30ee5e8af2e7b089f05434d78766.exe
-
Size
2.2MB
-
MD5
0c5e30ee5e8af2e7b089f05434d78766
-
SHA1
0bb52794b1ca528607a3addcb054c3f1ea3cb373
-
SHA256
29efde654a5474a8920dbde4cac0e1cb411eeec3c86a8888984bb077e5864ff3
-
SHA512
fb5bdb669d9cf2e28ea37d160df06466e9d626efa54b18c0a852f72e19893000c6838edae8ee5dfd8987ddc0ea7f9e401735f9daf310e865a0115801136dc519
-
SSDEEP
24576:2TbBv5rUyXVORdV96JfBYjzkNAwp7TxUZSuQZmdo41ruqo0yyRVJiNMjV+UFfiSg:IBJOr6+wtXmlz9QqaSdXrC
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-