General
-
Target
8bffaa7522696c6760727929ec1c15b5aa346333f2c38833d23fbd5ed5765f13
-
Size
1.0MB
-
Sample
221123-h82fesfb27
-
MD5
113c46ff43811083942746787c74670e
-
SHA1
4ccf9e38b219780b732f829a67bf4737a58a80bf
-
SHA256
8bffaa7522696c6760727929ec1c15b5aa346333f2c38833d23fbd5ed5765f13
-
SHA512
d9cca0c584c19a0ef8f247a865f8bb9ccb0d92f577ca32597c21fd15c884d14fc8d9c81fc0f0ad43f182a48b72912ef4d04e9c633eb9d3cbf84bb8e36d885488
-
SSDEEP
24576:Kp/LIlPvXbXPHyJr1zGmWw3fCnJwgPF2BBYR:Kx8lPDshGXwPUJwgonY
Malware Config
Targets
-
-
Target
8bffaa7522696c6760727929ec1c15b5aa346333f2c38833d23fbd5ed5765f13
-
Size
1.0MB
-
MD5
113c46ff43811083942746787c74670e
-
SHA1
4ccf9e38b219780b732f829a67bf4737a58a80bf
-
SHA256
8bffaa7522696c6760727929ec1c15b5aa346333f2c38833d23fbd5ed5765f13
-
SHA512
d9cca0c584c19a0ef8f247a865f8bb9ccb0d92f577ca32597c21fd15c884d14fc8d9c81fc0f0ad43f182a48b72912ef4d04e9c633eb9d3cbf84bb8e36d885488
-
SSDEEP
24576:Kp/LIlPvXbXPHyJr1zGmWw3fCnJwgPF2BBYR:Kx8lPDshGXwPUJwgonY
Score8/10-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-