General
-
Target
https://winningaprize.com/tgwth/?city=Ashburn&brand=Desktop&model=Desktop&isp=Amazon.com&ip=34.200.11.22®ion=Ashburn&td=bestmegaoffer.com&browser=Chrome&target=apix07-argyleforrum.com&tsid=2&caid=112&clickid=1635730872.01-191194373-69509&target=apix07-argyleforrum.com&uclick=3v9r6jfe&uclickhash=3v9r6jfe-3v9r6jfe-gxi4-0-16dz-378n-37vr-3ed252
-
Sample
211110-de3n6sgbf3
Malware Config
Targets
-
-
Target
https://winningaprize.com/tgwth/?city=Ashburn&brand=Desktop&model=Desktop&isp=Amazon.com&ip=34.200.11.22®ion=Ashburn&td=bestmegaoffer.com&browser=Chrome&target=apix07-argyleforrum.com&tsid=2&caid=112&clickid=1635730872.01-191194373-69509&target=apix07-argyleforrum.com&uclick=3v9r6jfe&uclickhash=3v9r6jfe-3v9r6jfe-gxi4-0-16dz-378n-37vr-3ed252
Score8/10-
Executes dropped EXE
-
Patched UPX-packed file
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-