General

  • Target

    f1e69833ed94c69e8e447ab280d677dbf3bd7df8fcc3aa1fc819fbe58703e9c7

  • Size

    324KB

  • Sample

    210408-8earl5gz3s

  • MD5

    bda20d0177640d129ace7394841fe5c0

  • SHA1

    3c8c531a28901ce5f3a6eb9b5ac1c353bfc73f87

  • SHA256

    f1e69833ed94c69e8e447ab280d677dbf3bd7df8fcc3aa1fc819fbe58703e9c7

  • SHA512

    bfaedf705c5bdb3b8b4aa63b18a20e9336ee77999e3637f3677f3aa1623270e5b9dbb62bcd1d1b338979c391cb38d4b127544120804ac42e1c515b0776d02e9e

Malware Config

Targets

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest the browser profile stores (saved logins, cookies, autofill data) from the user's profile directory.
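As an added example (not code from the sandbox or from this report), the following Python shows the kind of detection logic behind the "Reads user/profile data of web browsers" signature: it scans file-access events for opens or reads of known browser credential and profile stores, and ignores the browser touching its own profile, which is the usual false positive. The event format, the process names and the sample events are constructed for illustration and are not taken from this analysis.

```python
"""Flag non-browser processes that open or read browser credential stores.

Added example; the event schema and sample events below are constructed,
not taken from the sandbox report."""
import re
from collections import defaultdict

# Tail patterns for well-known browser credential/profile stores.  Only the
# tail is matched (case-insensitively) so drive letter and user name are
# irrelevant.  Chromium "Local State" holds the DPAPI-wrapped key that
# decrypts "Login Data"/"Cookies", so stealers typically read it too.
BROWSER_STORE_PATTERNS = [
    (re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\Login Data$", re.I), "chromium_logins"),
    (re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\(Network\\)?Cookies$", re.I), "chromium_cookies"),
    (re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\Local State$", re.I), "chromium_local_state"),
    (re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I), "firefox_logins"),
]

# Processes for which reading their own profile stores is expected.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}


def classify_store(path):
    """Return a store label if `path` is a known browser credential store, else None."""
    path = path.replace("/", "\\")
    for pattern, label in BROWSER_STORE_PATTERNS:
        if pattern.search(path):
            return label
    return None


def find_browser_data_access(events):
    """Return {pid: {"image": str, "stores": set}} for every non-browser
    process that opened or read a browser credential/profile store.

    `events` is an iterable of dicts with keys pid, image, op, path
    (a constructed, sandbox-style file-access event format)."""
    hits = defaultdict(lambda: {"image": None, "stores": set()})
    for ev in events:
        if ev["op"] not in ("CreateFile", "ReadFile"):
            continue
        label = classify_store(ev["path"])
        if label is None:
            continue
        image_name = ev["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if image_name in BROWSER_IMAGES:
            continue  # the browser reading its own profile is benign
        hit = hits[ev["pid"]]
        hit["image"] = ev["image"]
        hit["stores"].add(label)
    return dict(hits)


# Constructed sample events: one unknown binary touching three stores, the
# browser itself reading its own logins, and an unrelated DLL load.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe", "op": "CreateFile",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe", "op": "ReadFile",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State"},
    {"pid": 4120, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe", "op": "CreateFile",
     "path": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json"},
    {"pid": 2210, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "op": "ReadFile",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe", "op": "CreateFile",
     "path": r"C:\Windows\System32\kernel32.dll"},
]


if __name__ == "__main__":
    for pid, hit in find_browser_data_access(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({hit['image']}) read browser stores: {sorted(hit['stores'])}")
```

Matching on the path tail rather than full paths keeps the rule portable across user names and drive letters; the browser-image allowlist is the minimum needed to avoid alerting on the browser's own normal profile access, and a production rule would also have to account for legitimate backup and sync agents.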

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 1 signature

  • Collection: Data from Local System (T1005), 1 signature

Tasks