General
-
Target
b5970ed558461a6f17512c70fb4f2e5c28b40914389e28aa2f0bb67e87f521a4
-
Size
318KB
-
Sample
221125-k2cjtsfb62
-
MD5
c38674135a648df803c2253f03dbc454
-
SHA1
804fe6541d91f493498b9a464faa58d60011b434
-
SHA256
b5970ed558461a6f17512c70fb4f2e5c28b40914389e28aa2f0bb67e87f521a4
-
SHA512
e44db875a786d239454f099500645fdd1cac22f6ed3333594148843b4d84f7cc87bba5c82b6ab10dd29e9fb513f0c5bcbfe322528358ec0b76e88b53a1a0f265
-
SSDEEP
3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5
Malware Config
Targets
-
-
Target
b5970ed558461a6f17512c70fb4f2e5c28b40914389e28aa2f0bb67e87f521a4
-
Size
318KB
-
MD5
c38674135a648df803c2253f03dbc454
-
SHA1
804fe6541d91f493498b9a464faa58d60011b434
-
SHA256
b5970ed558461a6f17512c70fb4f2e5c28b40914389e28aa2f0bb67e87f521a4
-
SHA512
e44db875a786d239454f099500645fdd1cac22f6ed3333594148843b4d84f7cc87bba5c82b6ab10dd29e9fb513f0c5bcbfe322528358ec0b76e88b53a1a0f265
-
SSDEEP
3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Sets file execution options in registry
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-