General
-
Target
4e0cbea473e9781a5a4f7f643f4ea9e852504642cdeb157d1d014646ee36adbc
-
Size
1.1MB
-
Sample
221206-mcjmysha33
-
MD5
7560516355efa446658667a180977c11
-
SHA1
19cf36775b246599d9ae7fcd9b92f137a0d1c2bf
-
SHA256
4e0cbea473e9781a5a4f7f643f4ea9e852504642cdeb157d1d014646ee36adbc
-
SHA512
61c04b2c9994477511c3abe4e0a7f1ec523420ffb727bd944e6517f4bb3af79b183c92b48a07b642e1f8f547cc0c00311a4efed31c489e78fa600c1004c2c395
-
SSDEEP
24576:S2TqSc+qNUwI7VV3iQPhFt4EKqZGy8uux/vJQrg1neCEsitbBQv:SiqSc+afwn3iQ7Cl6uZJQk1neMinq
Malware Config
Targets
-
-
Target
4e0cbea473e9781a5a4f7f643f4ea9e852504642cdeb157d1d014646ee36adbc
-
Size
1.1MB
-
MD5
7560516355efa446658667a180977c11
-
SHA1
19cf36775b246599d9ae7fcd9b92f137a0d1c2bf
-
SHA256
4e0cbea473e9781a5a4f7f643f4ea9e852504642cdeb157d1d014646ee36adbc
-
SHA512
61c04b2c9994477511c3abe4e0a7f1ec523420ffb727bd944e6517f4bb3af79b183c92b48a07b642e1f8f547cc0c00311a4efed31c489e78fa600c1004c2c395
-
SSDEEP
24576:S2TqSc+qNUwI7VV3iQPhFt4EKqZGy8uux/vJQrg1neCEsitbBQv:SiqSc+afwn3iQ7Cl6uZJQk1neMinq
Score10/10-
Modifies firewall policy service
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-