General
-
Target
Noteppad_SettupX32iX64-carved.exe
-
Size
325KB
-
Sample
230103-t1c9eafc2t
-
MD5
6c7f6d2ac093abd0edcd16e29de79dd5
-
SHA1
3bc5de15b605a222862afffa7c65fe6def254181
-
SHA256
af67a6bd0baf78191617c97aad2d21b7d6133e879c92c97b1b1345d629f79661
-
SHA512
87d49fa446a61c1cab0b00df2e24fb6c2321e794d8399060be6000aa4250b8050857c9adeb5201f788e142ad4b72e2189d4f58bd5829be8bbf9fca31190196c1
-
SSDEEP
6144:tAAobu/K6eKHkRYZ9kSqp29ZGbpYByPT7lyvIcySIvF68fx:+AoUK6fHkQWB29vByPHly5VIvk8J
Malware Config
Targets
-
-
Target
Noteppad_SettupX32iX64-carved.exe
-
Size
325KB
-
MD5
6c7f6d2ac093abd0edcd16e29de79dd5
-
SHA1
3bc5de15b605a222862afffa7c65fe6def254181
-
SHA256
af67a6bd0baf78191617c97aad2d21b7d6133e879c92c97b1b1345d629f79661
-
SHA512
87d49fa446a61c1cab0b00df2e24fb6c2321e794d8399060be6000aa4250b8050857c9adeb5201f788e142ad4b72e2189d4f58bd5829be8bbf9fca31190196c1
-
SSDEEP
6144:tAAobu/K6eKHkRYZ9kSqp29ZGbpYByPT7lyvIcySIvF68fx:+AoUK6fHkQWB29vByPHly5VIvk8J
Score8/10-
Blocklisted process makes network request
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-