General
-
Target
ae6a68f651c30d7c6c914114fa14aa0b.exe
-
Size
967KB
-
Sample
220421-j4eljaacfn
-
MD5
ae6a68f651c30d7c6c914114fa14aa0b
-
SHA1
21eeaeb2061461f7bdd20f02542c18cc4ea75baa
-
SHA256
f93628943add0691bc80e1db3cee114133ef839e820f50448b3082c46113cb6d
-
SHA512
e06c62be260746076290d404f90e797d340db014b250d1c78bf05fc33fd469e051d9092df59f7668673cdd7a6a7df47ab5977b241b66da3ad20528c6266ddef9
Malware Config
Targets
-
-
Target
ae6a68f651c30d7c6c914114fa14aa0b.exe
-
Size
967KB
-
MD5
ae6a68f651c30d7c6c914114fa14aa0b
-
SHA1
21eeaeb2061461f7bdd20f02542c18cc4ea75baa
-
SHA256
f93628943add0691bc80e1db3cee114133ef839e820f50448b3082c46113cb6d
-
SHA512
e06c62be260746076290d404f90e797d340db014b250d1c78bf05fc33fd469e051d9092df59f7668673cdd7a6a7df47ab5977b241b66da3ad20528c6266ddef9
Score8/10-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-