General
-
Target
3903958eb28632aa58e455eb87482d1ccef38a6fe43512baad30902e8bfdd6d5
-
Size
481KB
-
Sample
211103-phsh6aahen
-
MD5
e647b3366dc836c1f63bdc5ba2aef3a9
-
SHA1
a7b0711b45081768817e85d6fc76e23093093f87
-
SHA256
3903958eb28632aa58e455eb87482d1ccef38a6fe43512baad30902e8bfdd6d5
-
SHA512
39166d31017b238b4cae861ab263e3dd11260c0203fc8dcfd41461f3b850126ba954bcf9fb7678ceb63dc2e2f252bd6e20f7f33aed1a81db8c0d89c56be5dfcb
Malware Config
Targets
-
-
Target
3903958eb28632aa58e455eb87482d1ccef38a6fe43512baad30902e8bfdd6d5
-
Size
481KB
-
MD5
e647b3366dc836c1f63bdc5ba2aef3a9
-
SHA1
a7b0711b45081768817e85d6fc76e23093093f87
-
SHA256
3903958eb28632aa58e455eb87482d1ccef38a6fe43512baad30902e8bfdd6d5
-
SHA512
39166d31017b238b4cae861ab263e3dd11260c0203fc8dcfd41461f3b850126ba954bcf9fb7678ceb63dc2e2f252bd6e20f7f33aed1a81db8c0d89c56be5dfcb
Score10/10-
GoldDragon
GoldDragon is a second-stage backdoor attributed to Kimsuky.
-
GoldDragon 2021 Stage2 infostealer
Detect GoldDragon InfoStealer Stage 2.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-