Overview

overview

10

Static

static

10

E11E2425C6...xe.dll

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    E11E2425C62F34EBB3F640BAEEFB67D5.exe

  • Size

    105.8MB

  • Sample

    220109-y5cwnaeadr

  • MD5

    e11e2425c62f34ebb3f640baeefb67d5

  • SHA1

    7dc6f8aaaf4431c365564a51dd37c143d857b89e

  • SHA256

    237deba138355bfb448e74bfb68fc868f4807b24d68715a6d47e348fc0cf9257

  • SHA512

    a0739d0141b41bcec079de8fac6df70dc93100721ad1f04ef9cbbf52102ed4b7bbfd7f088618ce9ac939d8fa7d6837a0c822c303d55d7c7fb2d1221d13703e48

Score
10/10
golddragonbackdoorpersistencespywarestealer

Malware Config

Targets

    • Target

      E11E2425C62F34EBB3F640BAEEFB67D5.exe

    • Size

      105.8MB

    • MD5

      e11e2425c62f34ebb3f640baeefb67d5

    • SHA1

      7dc6f8aaaf4431c365564a51dd37c143d857b89e

    • SHA256

      237deba138355bfb448e74bfb68fc868f4807b24d68715a6d47e348fc0cf9257

    • SHA512

      a0739d0141b41bcec079de8fac6df70dc93100721ad1f04ef9cbbf52102ed4b7bbfd7f088618ce9ac939d8fa7d6837a0c822c303d55d7c7fb2d1221d13703e48

    Score
    10/10
    golddragonbackdoorpersistencespywarestealer

    • GoldDragon

      GoldDragon is a second-stage backdoor attributed to Kimsuky.

      backdoorgolddragon

    • GoldDragon 2021 Stage2 infostealer

      Detect GoldDragon InfoStealer Stage 2.

      stealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks