General
-
Target
6f9d7b5e7e0638d304ef8d8e855847618cd9261412676254cfa3a46205a5765e
-
Size
3.6MB
-
Sample
230212-19a9qsgc9t
-
MD5
ee23f221e245cf87527c376ecb19d0a1
-
SHA1
7910d20eb477a15d3ffc321de4f337acf281755b
-
SHA256
6f9d7b5e7e0638d304ef8d8e855847618cd9261412676254cfa3a46205a5765e
-
SHA512
b67d9e321a4f98ba2508b2091fb04c1b5ac40aae2ab8af5f7f50ce10f33758cc1609cce3d6137a84ed65423c971e84b2509fbbd3d6111003dbf1d404de694c0d
-
SSDEEP
98304:32eKoeC3xP4Bmss/MTELYpiZKrs+vvM1:3rK9sP5l/FLYsgrs+vQ
Static task
static1
Behavioral task
behavioral1
Sample
6f9d7b5e7e0638d304ef8d8e855847618cd9261412676254cfa3a46205a5765e.exe
Resource
win10-20220812-en
Malware Config
Targets
Score
8/10
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-