Resubmissions
11-11-2021 01:37
211111-b1spzsffbq 811-11-2021 01:36
211111-b1e4wsaef5 108-11-2021 07:40
211108-jhpvdagfgl 1008-11-2021 07:39
211108-jgzyysbea6 1008-11-2021 07:37
211108-jgaztsbea3 108-11-2021 07:26
211108-h91waagffl 1008-11-2021 07:05
211108-hwnc2agfdn 1008-11-2021 06:48
211108-hk4kwagfcl 1008-11-2021 06:47
211108-hkqn1sgfcj 1008-11-2021 03:53
211108-efs2ssgdhn 10General
-
Target
https://nt.embluemail.com/p/cl?data=8d9cg%2BSyaNP%2FaRwH0uUoq0p%2FUOMcKb%2FlnNafQmcO2U7h7k790gBhUSpjU2Cc5aJ%2BJL%2F8Q9Qe0SwNUiD20GnvLai5u9vMEKGwxhAyvrDtC4s%3D%21-%217j6gn%3A%21-%21https%3A%2F%2Fwetllands.org%2Fi%2FamFtZXMuYXNod29ydGhAcmFib2JhbmsuY29t
-
Sample
211108-c5e55abbg7
Malware Config
Targets
-
-
Target
https://nt.embluemail.com/p/cl?data=8d9cg%2BSyaNP%2FaRwH0uUoq0p%2FUOMcKb%2FlnNafQmcO2U7h7k790gBhUSpjU2Cc5aJ%2BJL%2F8Q9Qe0SwNUiD20GnvLai5u9vMEKGwxhAyvrDtC4s%3D%21-%217j6gn%3A%21-%21https%3A%2F%2Fwetllands.org%2Fi%2FamFtZXMuYXNod29ydGhAcmFib2JhbmsuY29t
Score8/10-
Executes dropped EXE
-
Patched UPX-packed file
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-