Resubmissions

27-06-2022 05:24

220627-f3q2dsbbc7 10

27-06-2022 05:10

220627-ft54yshbbk 10

27-06-2022 05:10

220627-ftp3qshbar 1

General

  • Target

    1.dll

  • Size

    805KB

  • Sample

    220627-ft54yshbbk

  • MD5

    25c5240491accd78c6ee10efb1b73984

  • SHA1

    6072927d9641237c609dd9b604e1d0180a908f3c

  • SHA256

    fa85ed7118f1f8ac656a03958ac7b973bb747a6e8f86561d071ad05255f4e9f0

  • SHA512

    d967b39d07a79a255c2f4ebd71e3ba0e2748c50b70bdfcf88486837e11cdb44919945dd072e9f5537e3d6818bef28d9e6799ff227909bcbdabd6639314142eb0

Malware Config

Targets

    • Target

      1.dll

    • Size

      805KB

    • MD5

      25c5240491accd78c6ee10efb1b73984

    • SHA1

      6072927d9641237c609dd9b604e1d0180a908f3c

    • SHA256

      fa85ed7118f1f8ac656a03958ac7b973bb747a6e8f86561d071ad05255f4e9f0

    • SHA512

      d967b39d07a79a255c2f4ebd71e3ba0e2748c50b70bdfcf88486837e11cdb44919945dd072e9f5537e3d6818bef28d9e6799ff227909bcbdabd6639314142eb0

    • GoldDragon

      GoldDragon is a second-stage backdoor attributed to Kimsuky.

    • GoldDragon 2021 Stage1 backdoor

      Detect GoldDragon backdoor Stage 1.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks