General
-
Target
9ff2f5482a3aed8291c0808256511cdb788bffcd9300000d3d0240e01918ba27
-
Size
235KB
-
Sample
201115-zgazfqdkss
-
MD5
d7d5c04bd235005cf3431729f0f52416
-
SHA1
08a83329a9d6c8b4fb59e364679e189e3840277a
-
SHA256
9ff2f5482a3aed8291c0808256511cdb788bffcd9300000d3d0240e01918ba27
-
SHA512
354d0255a29fb724fc909cdba32918b3bc27abadf19be26f5e6adeb4b57e04c6058e96287412312ee5e4449d0fdbd45ffb0f1a76179ac14e84e76bd052aa5d66
Malware Config
Targets
-
-
Target
9ff2f5482a3aed8291c0808256511cdb788bffcd9300000d3d0240e01918ba27
-
Size
235KB
-
MD5
d7d5c04bd235005cf3431729f0f52416
-
SHA1
08a83329a9d6c8b4fb59e364679e189e3840277a
-
SHA256
9ff2f5482a3aed8291c0808256511cdb788bffcd9300000d3d0240e01918ba27
-
SHA512
354d0255a29fb724fc909cdba32918b3bc27abadf19be26f5e6adeb4b57e04c6058e96287412312ee5e4449d0fdbd45ffb0f1a76179ac14e84e76bd052aa5d66
Score9/10-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-