General
Target: nocrypt.dll
Size: 156KB
Sample: 200828-qdptx5mqma
MD5: 388cc3b6cd3ae537f404e235556d78ad
SHA1: 2a41fdcb1e82af69fc6c41d572039204b16e43dd
SHA256: 63f29f078acebb36b44d7875c4a54ec051736481ee85898a2ad7e28e2fe1dc08
SHA512: 5edc123da2507e2bac2c642bce8b7654bc0c69c792cd1523dcc6766754220109040de2a2197a0314a47f0560cbd593a3f80606959654329b3af1af2de12584f2
Static task: static1
Behavioral task: behavioral1
Sample: nocrypt.dll
Resource: win7v200722
Malware Config
Extracted
zloader
nut
14/08
Targets
Target: nocrypt.dll
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blacklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Modifies service
- Suspicious use of SetThreadContext