General
-
Target
f6559927cc22b1399c7e374e106514669a5b16f6adf04b93f1bc95e1b5b9e5a8
-
Size
382KB
-
Sample
221125-la4dxabc4v
-
MD5
0be752959742a3ca66a19d41641ee50d
-
SHA1
ad963d1a4a49e8f3ca21c9cbf409a714afb6d77f
-
SHA256
f6559927cc22b1399c7e374e106514669a5b16f6adf04b93f1bc95e1b5b9e5a8
-
SHA512
407abfddcf8b6648c89f6b773954466c17179b634eda991e40ce65b0f059599f05960e3b128f0cab891ba3ef4c53dc1003a40135b418b69d2d4188cc7222abb2
-
SSDEEP
3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5
Malware Config
Targets
-
-
Target
f6559927cc22b1399c7e374e106514669a5b16f6adf04b93f1bc95e1b5b9e5a8
-
Size
382KB
-
MD5
0be752959742a3ca66a19d41641ee50d
-
SHA1
ad963d1a4a49e8f3ca21c9cbf409a714afb6d77f
-
SHA256
f6559927cc22b1399c7e374e106514669a5b16f6adf04b93f1bc95e1b5b9e5a8
-
SHA512
407abfddcf8b6648c89f6b773954466c17179b634eda991e40ce65b0f059599f05960e3b128f0cab891ba3ef4c53dc1003a40135b418b69d2d4188cc7222abb2
-
SSDEEP
3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Sets file execution options in registry
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-