General
-
Target
RetroBar.64-bit.zip
-
Size
2.8MB
-
Sample
241004-v93fbs1gne
-
MD5
d4f718e68bde9ae5e0cb901425b476ab
-
SHA1
53ac6aa6c5835bc435df56e8f392c622ea8d783f
-
SHA256
14d10754a62af7b13a4e9157d006e548168c736d5f0e8d68517844a704e27c80
-
SHA512
d5a15c4cf382462f6d560fc6ee6d38aa0b057e42c14ba50fc52a861d332bb9227231559f87f1232eae6d7da8988fe6407af47653340b3bd438389916b772b994
-
SSDEEP
49152:cD2kBjQKEy1MLhn96d5gv1cCMY4V4lM5B+s0G/5pl6jNKi9HLq8m6/Hvc5:bkBjQKEy1I96dA1clAM5wtGRpl5i9H2/
Static task
static1
Behavioral task
behavioral1
Sample
RetroBar.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
RetroBar.exe
-
Size
8.6MB
-
MD5
396a17558482eb742f2ac8e17eb78deb
-
SHA1
a9b1289b181801d2e44a5083394fcd23e7075152
-
SHA256
5d8d7ff3e76ecf5cc12323b08bef68b9a719eaf0d4f0d343664a5c035d18f710
-
SHA512
2b3ffd9d5b65433b7700c312982ff4a5908f42c09de2eead541a834e7ab52fd2ee5dde707c63f6f83ba002bc10744e49e060733581668958fe91afaf9135f47a
-
SSDEEP
49152:qNF6JGhcI1ejopUFJVsBdj9bIV/ngnacWNCA6hNyUTAIK8jo9f816YrBcAF5V/Bq:sYJBNCRsVSxYbfrCKVq9Y
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)