golddragon | bb0a3c784e55bd25f845644b69c57e3e470af51983617fdfe7ba5d253019ed24 | Triage

Submit
Reports

Overview

overview

Static

static

9

bb0a3c784e...in.dll

windows7_x64

bb0a3c784e...in.dll

windows10_x64

Sharing

General

Target

bb0a3c784e55bd25f845644b69c57e3e470af51983617fdfe7ba5d253019ed24.bin
Size

366KB
Sample

220112-wf4a7sddh2
MD5

e69294040dab044805c9d7c47fef4844
SHA1

f3a2731e174a68d13b4ae15fab2d7b2788517039
SHA256

bb0a3c784e55bd25f845644b69c57e3e470af51983617fdfe7ba5d253019ed24
SHA512

c1a7bc64f9edf804ef7707dd717e7f8d293a607a96b9339e4acf2fdee1b70c643c1987016882620654c709795775042db9461da11cd4b1a016ea98fcd8e20a8c

Score

10^/10

golddragon backdoor persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

bb0a3c784e55bd25f845644b69c57e3e470af51983617fdfe7ba5d253019ed24.bin.dll

Resource

win7-en-20211208

golddragon backdoor persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bb0a3c784e55bd25f845644b69c57e3e470af51983617fdfe7ba5d253019ed24.bin.dll

Resource

win10-en-20211208

golddragon backdoor persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bb0a3c784e55bd25f845644b69c57e3e470af51983617fdfe7ba5d253019ed24.bin
- Size
  
  366KB
- MD5
  
  e69294040dab044805c9d7c47fef4844
- SHA1
  
  f3a2731e174a68d13b4ae15fab2d7b2788517039
- SHA256
  
  bb0a3c784e55bd25f845644b69c57e3e470af51983617fdfe7ba5d253019ed24
- SHA512
  
  c1a7bc64f9edf804ef7707dd717e7f8d293a607a96b9339e4acf2fdee1b70c643c1987016882620654c709795775042db9461da11cd4b1a016ea98fcd8e20a8c
Score

10^/10

golddragon backdoor persistence spyware stealer
- GoldDragon
  GoldDragon is a second-stage backdoor attributed to Kimsuky.
  backdoor golddragon
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

golddragonbackdoorpersistencespywarestealer

behavioral2

golddragonbackdoorpersistencespywarestealer

© 2018-2024

Terms | Privacy