General
-
Target
Attachment.js
-
Size
9KB
-
Sample
230125-l2lceahc9t
-
MD5
0d7aac781fcb032d7e6261638b17318a
-
SHA1
cec8bda522ab70b14410759ffa12e69e00a892c3
-
SHA256
0250ebf092c4efff85ec3996a9011d37d091de867cce42d174c5c2a6c61a4d12
-
SHA512
a3813a1a337c4f8390c0b3cdb9134830ce444975322099115e8cfe4e7c6b567488d39e31922ffe02417c0263fd51c38953c84fa5be4f5a83da833bb060b5fbcf
-
SSDEEP
192:JDohqMizzyhd9jRpUT7BUPsqzr/8qzrYihEvWXJtjB034BeRISx5RxV1ctOsqBt+:Jsliyhr1/aeX/jB034BeR7cIsWtY0lRI
Malware Config
Targets
-
-
Target
Attachment.js
-
Size
9KB
-
MD5
0d7aac781fcb032d7e6261638b17318a
-
SHA1
cec8bda522ab70b14410759ffa12e69e00a892c3
-
SHA256
0250ebf092c4efff85ec3996a9011d37d091de867cce42d174c5c2a6c61a4d12
-
SHA512
a3813a1a337c4f8390c0b3cdb9134830ce444975322099115e8cfe4e7c6b567488d39e31922ffe02417c0263fd51c38953c84fa5be4f5a83da833bb060b5fbcf
-
SSDEEP
192:JDohqMizzyhd9jRpUT7BUPsqzr/8qzrYihEvWXJtjB034BeRISx5RxV1ctOsqBt+:Jsliyhr1/aeX/jB034BeR7cIsWtY0lRI
Score8/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-