General
-
Target
0330eb5e2f44d2e71b863f03c056f1c74995846587ccfba437d53e4e2e4b9558
-
Size
3.7MB
-
Sample
230206-y533vafg46
-
MD5
4d48f11f0abc973ab3acf12de2211865
-
SHA1
53c161c0be82c5c592f843341a5ed64fd9cd7aef
-
SHA256
0330eb5e2f44d2e71b863f03c056f1c74995846587ccfba437d53e4e2e4b9558
-
SHA512
cb50822e5c5543ec6ae96375277c62e6cadb69f250ac4e3bd3d7e9480d22eabcbdf02bd2ea1f69d4c70767b34ba7b94fb07bdcd17bc0d3e662822c9fa26dcfc9
-
SSDEEP
98304:oANvCTRrDO3++95Kz5dPGC9lO9MrYsD1gsGuLsj:gVHOh9gXGkmM8Td
Malware Config
Targets
-
-
Target
0330eb5e2f44d2e71b863f03c056f1c74995846587ccfba437d53e4e2e4b9558
-
Size
3.7MB
-
MD5
4d48f11f0abc973ab3acf12de2211865
-
SHA1
53c161c0be82c5c592f843341a5ed64fd9cd7aef
-
SHA256
0330eb5e2f44d2e71b863f03c056f1c74995846587ccfba437d53e4e2e4b9558
-
SHA512
cb50822e5c5543ec6ae96375277c62e6cadb69f250ac4e3bd3d7e9480d22eabcbdf02bd2ea1f69d4c70767b34ba7b94fb07bdcd17bc0d3e662822c9fa26dcfc9
-
SSDEEP
98304:oANvCTRrDO3++95Kz5dPGC9lO9MrYsD1gsGuLsj:gVHOh9gXGkmM8Td
Score8/10-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-