General
-
Target
E11E2425C62F34EBB3F640BAEEFB67D5.exe
-
Size
105.8MB
-
Sample
220109-y5cwnaeadr
-
MD5
e11e2425c62f34ebb3f640baeefb67d5
-
SHA1
7dc6f8aaaf4431c365564a51dd37c143d857b89e
-
SHA256
237deba138355bfb448e74bfb68fc868f4807b24d68715a6d47e348fc0cf9257
-
SHA512
a0739d0141b41bcec079de8fac6df70dc93100721ad1f04ef9cbbf52102ed4b7bbfd7f088618ce9ac939d8fa7d6837a0c822c303d55d7c7fb2d1221d13703e48
Malware Config
Targets
-
-
Target
E11E2425C62F34EBB3F640BAEEFB67D5.exe
-
Size
105.8MB
-
MD5
e11e2425c62f34ebb3f640baeefb67d5
-
SHA1
7dc6f8aaaf4431c365564a51dd37c143d857b89e
-
SHA256
237deba138355bfb448e74bfb68fc868f4807b24d68715a6d47e348fc0cf9257
-
SHA512
a0739d0141b41bcec079de8fac6df70dc93100721ad1f04ef9cbbf52102ed4b7bbfd7f088618ce9ac939d8fa7d6837a0c822c303d55d7c7fb2d1221d13703e48
Score10/10-
GoldDragon
GoldDragon is a second-stage backdoor attributed to Kimsuky.
-
GoldDragon 2021 Stage2 infostealer
Detect GoldDragon InfoStealer Stage 2.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-