General
Target: DashlaneInst.exe
Size: 806KB
Sample: 210122-gs4zg5h2a2
MD5: 8131f7277245dd4c502f43a161f8cc43
SHA1: 6edcb79a37408bc4fac095e27ef21ec590d90a3a
SHA256: e03516de1aab13ea5b79ebac1b513fef8c9a3ba849bda21a5c211dd33e15eeab
SHA512: 56b949a0274761546723bbbeed8bf078a6d82a97355b79020c8b0041668779574b30546dec0d1ac228edaf7558cd28ab64a842827ff21c940293774b1c848803
Static task: static1
Behavioral task: behavioral1
Sample: DashlaneInst.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: DashlaneInst.exe
Resource: win10v20201028
Malware Config
Targets
-
-
Target
DashlaneInst.exe
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-