General
-
Target
35DE7C29B04A8DDF9846DC4E72EADFA8.exe
-
Size
4.1MB
-
Sample
240710-qb3k8a1hla
-
MD5
35de7c29b04a8ddf9846dc4e72eadfa8
-
SHA1
6809d9310993ae69cb0830666090f29f3147dde7
-
SHA256
b7c1f1f97c8a58f45f777ea7651b7cc691878a770fe36edc2e37fc3f02595ded
-
SHA512
f825fe5d157e2a09f12d924b2ce261ca65e707fd1f73bfb7412de8a440b4b8dd386ebcf2fbe6143dcfbed424edacd1a4e4284786941002b0a8a8a547f33b9c97
-
SSDEEP
98304:wzpg8gUmhLVYgQjxvDS875vO5504aswc22JXm/o/189MsuhebehGOG:lBUmVf+xDvOM4at2JBaiRgbGG
Malware Config
Targets
-
-
Target
35DE7C29B04A8DDF9846DC4E72EADFA8.exe
-
Size
4.1MB
-
MD5
35de7c29b04a8ddf9846dc4e72eadfa8
-
SHA1
6809d9310993ae69cb0830666090f29f3147dde7
-
SHA256
b7c1f1f97c8a58f45f777ea7651b7cc691878a770fe36edc2e37fc3f02595ded
-
SHA512
f825fe5d157e2a09f12d924b2ce261ca65e707fd1f73bfb7412de8a440b4b8dd386ebcf2fbe6143dcfbed424edacd1a4e4284786941002b0a8a8a547f33b9c97
-
SSDEEP
98304:wzpg8gUmhLVYgQjxvDS875vO5504aswc22JXm/o/189MsuhebehGOG:lBUmVf+xDvOM4at2JBaiRgbGG
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-