General
-
Target
1638d0f259e408d948293ab1606bb568a78b2c192bd7fc35e4234e36e105ad01
-
Size
4.8MB
-
Sample
230328-gjve5sba2w
-
MD5
d8f3da14aaeef2669614034b5c05ee32
-
SHA1
c84b881d95c4e5cc91588e1868f51f06b27f25ad
-
SHA256
1638d0f259e408d948293ab1606bb568a78b2c192bd7fc35e4234e36e105ad01
-
SHA512
111575d48979bae381ccf15bcd3396f59a57d3c48bc1c096bf7fced4436bc9b3ea99907e4c8afe8445f09a0d4cde7ac1f3bb57fec32cb2914134b25f8ddbb145
-
SSDEEP
98304:oH2YQXQI7XueDTXS4Tq2zlETzLzu1xfMgu4vP/aqs7qL+:oH257drS4e2WG1uQ6qL+
Malware Config
Targets
-
-
Target
1638d0f259e408d948293ab1606bb568a78b2c192bd7fc35e4234e36e105ad01
-
Size
4.8MB
-
MD5
d8f3da14aaeef2669614034b5c05ee32
-
SHA1
c84b881d95c4e5cc91588e1868f51f06b27f25ad
-
SHA256
1638d0f259e408d948293ab1606bb568a78b2c192bd7fc35e4234e36e105ad01
-
SHA512
111575d48979bae381ccf15bcd3396f59a57d3c48bc1c096bf7fced4436bc9b3ea99907e4c8afe8445f09a0d4cde7ac1f3bb57fec32cb2914134b25f8ddbb145
-
SSDEEP
98304:oH2YQXQI7XueDTXS4Tq2zlETzLzu1xfMgu4vP/aqs7qL+:oH257drS4e2WG1uQ6qL+
Score8/10-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-