General
-
Target
40e86aaa6c3dc0d5e920aaf7e64b4ea24b1ad36eb6c935d2062287803aa8a6f9
-
Size
976KB
-
Sample
221126-f73kzshg7v
-
MD5
e20176326586edf7c93bdce84f5dcb92
-
SHA1
dde4fa509f886fccdaf442acc734a8bb567d4e63
-
SHA256
40e86aaa6c3dc0d5e920aaf7e64b4ea24b1ad36eb6c935d2062287803aa8a6f9
-
SHA512
1b74ee6da741a9356dc780f5aedfdbdd8d8d22b79c6f265998f3ed1033f5319dfbf25f5f5e71f7a700d876f628f0d111f845aaa52d660e79399c9b25bb0980bd
-
SSDEEP
24576:72uditxkoM4m3jo1Smp3jDZ/PgBh06eo5tst:72Siti9FjOSmlXhP/6eoY
Malware Config
Targets
-
-
Target
40e86aaa6c3dc0d5e920aaf7e64b4ea24b1ad36eb6c935d2062287803aa8a6f9
-
Size
976KB
-
MD5
e20176326586edf7c93bdce84f5dcb92
-
SHA1
dde4fa509f886fccdaf442acc734a8bb567d4e63
-
SHA256
40e86aaa6c3dc0d5e920aaf7e64b4ea24b1ad36eb6c935d2062287803aa8a6f9
-
SHA512
1b74ee6da741a9356dc780f5aedfdbdd8d8d22b79c6f265998f3ed1033f5319dfbf25f5f5e71f7a700d876f628f0d111f845aaa52d660e79399c9b25bb0980bd
-
SSDEEP
24576:72uditxkoM4m3jo1Smp3jDZ/PgBh06eo5tst:72Siti9FjOSmlXhP/6eoY
Score8/10-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-