General
-
Target
ed5872028e073a00549aa0ffe151dc4d641eae83694c1fcc3dc545183c091d97.exe
-
Size
283KB
-
Sample
210416-bjfkp7eabj
-
MD5
1f130569a8373dfae4f387d4757769cf
-
SHA1
038f27c37ade7fcb97745e149b65258a7a1ea295
-
SHA256
ed5872028e073a00549aa0ffe151dc4d641eae83694c1fcc3dc545183c091d97
-
SHA512
7401da486a4141efe362f3ba80299f3305e05866e7a04cad8a40107fe6a83765e4616af4ef6f6f40b605135cd34a3c48dedc6023ee32facfb8b4984f29cfa7b3
Static task
static1
Behavioral task
behavioral1
Sample
ed5872028e073a00549aa0ffe151dc4d641eae83694c1fcc3dc545183c091d97.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
ed5872028e073a00549aa0ffe151dc4d641eae83694c1fcc3dc545183c091d97.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
ed5872028e073a00549aa0ffe151dc4d641eae83694c1fcc3dc545183c091d97.exe
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
DiamondFox payload
Detects DiamondFox payload in file/memory.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-