General
-
Target
3f2a7fca065978286a763c27c2e4e4a91fa69d81bdedd265db2004f9cddeecf2
-
Size
1004KB
-
Sample
221125-nt4vwsec46
-
MD5
0c70cfc1549b5d7f1e77ff7181b976fe
-
SHA1
8903d45d7a2a714619ed89bba79c839341323e9a
-
SHA256
3f2a7fca065978286a763c27c2e4e4a91fa69d81bdedd265db2004f9cddeecf2
-
SHA512
7dde11fb27a09d9bed283fab9d2cc3b963146d72d9cbe7d3282d0a70f8fa7dba12096fc096300e48bde26f9299a7f6201eaa9b77e3201cafe11e8efe7c5eacd6
-
SSDEEP
24576:2SzAquPjDjVgawTo+o2/97K5cXXEJ/TSuZnVAnb6qLsCo:JzAquPXjrAo2/sCG/TSudVAZI
Static task
static1
Behavioral task
behavioral1
Sample
3f2a7fca065978286a763c27c2e4e4a91fa69d81bdedd265db2004f9cddeecf2.exe
Resource
win10-20220901-en
Malware Config
Targets
-
-
Target
3f2a7fca065978286a763c27c2e4e4a91fa69d81bdedd265db2004f9cddeecf2
-
Score
8/10
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-