General
-
Target
931fdd551975cf30ae02f85a90c5ee22.exe
-
Size
215KB
-
Sample
201111-xt5bxz96ea
-
MD5
931fdd551975cf30ae02f85a90c5ee22
-
SHA1
d0330b0199af3e6c06534fee5cbf9d5e88966bc1
-
SHA256
28af95bea8456409bdb09856b0f46304eff9801c3c841b1362ca7a794d7628a5
-
SHA512
68b29d615d97e0be26d799390ba526b5959a805006f1294238073b980266e73b86b5f9a90948bd5170023b80b5d0141baa4784eb1a71b2036a7e36fdf8b71f32
Malware Config
Targets
-
-
Target
931fdd551975cf30ae02f85a90c5ee22.exe
-
Size
215KB
-
MD5
931fdd551975cf30ae02f85a90c5ee22
-
SHA1
d0330b0199af3e6c06534fee5cbf9d5e88966bc1
-
SHA256
28af95bea8456409bdb09856b0f46304eff9801c3c841b1362ca7a794d7628a5
-
SHA512
68b29d615d97e0be26d799390ba526b5959a805006f1294238073b980266e73b86b5f9a90948bd5170023b80b5d0141baa4784eb1a71b2036a7e36fdf8b71f32
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-