General
-
Target
ef2afafa7dc329237b91e6d97af0b7ea32e0c567a906faaba68b9bfe6ad8ee09
-
Size
4.8MB
-
Sample
230328-a1bk2aga85
-
MD5
3a863e6017227f9c1249342921f4c436
-
SHA1
720ca6347a629db77305fe40b787b18d2af2921b
-
SHA256
ef2afafa7dc329237b91e6d97af0b7ea32e0c567a906faaba68b9bfe6ad8ee09
-
SHA512
0dad30fb0d0056e69e54d19448a58b75d5d6c45056ac68bbc6599ba6d30ad14e6839597971d8934940f5756271d8ff9553d8b3f2ac763e203d7fa6016cd732c1
-
SSDEEP
98304:+BQ5+5vhitPskBAHftlCuR11cAGGmkyHf+k0ZncvxKcTKSzT7Dg:+BC2/kQtlCuCASky/+lSSSzTv
Malware Config
Targets
-
-
Target
ef2afafa7dc329237b91e6d97af0b7ea32e0c567a906faaba68b9bfe6ad8ee09
-
Size
4.8MB
-
MD5
3a863e6017227f9c1249342921f4c436
-
SHA1
720ca6347a629db77305fe40b787b18d2af2921b
-
SHA256
ef2afafa7dc329237b91e6d97af0b7ea32e0c567a906faaba68b9bfe6ad8ee09
-
SHA512
0dad30fb0d0056e69e54d19448a58b75d5d6c45056ac68bbc6599ba6d30ad14e6839597971d8934940f5756271d8ff9553d8b3f2ac763e203d7fa6016cd732c1
-
SSDEEP
98304:+BQ5+5vhitPskBAHftlCuR11cAGGmkyHf+k0ZncvxKcTKSzT7Dg:+BC2/kQtlCuCASky/+lSSSzTv
Score8/10-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-