General
-
Target
0cc0aa5877cec9109b7a5a0e3a250c72.bin
-
Size
513KB
-
Sample
230412-bk51dagf28
-
MD5
0cc0aa5877cec9109b7a5a0e3a250c72
-
SHA1
1d49d462a11a00d8ac9608e49f055961bf79980d
-
SHA256
1324acd1f720055e7941b39949116dfe72ce2e7792e70128f69e228eb48b0821
-
SHA512
642b0d06755c78658c308167cf9e61a0e42bb792c61306c6f6976c5ebc51cbce1f795b534e4767e8106edc68bd58f16943c7acc0846cf1c67161c67c28746637
-
SSDEEP
12288:B/P+NYgHizBSWMJ/17sM57k0+iQkB86PGjg:BO6gH8UJ/mMWkBCg
Malware Config
Targets
-
-
Target
0cc0aa5877cec9109b7a5a0e3a250c72.bin
-
Size
513KB
-
MD5
0cc0aa5877cec9109b7a5a0e3a250c72
-
SHA1
1d49d462a11a00d8ac9608e49f055961bf79980d
-
SHA256
1324acd1f720055e7941b39949116dfe72ce2e7792e70128f69e228eb48b0821
-
SHA512
642b0d06755c78658c308167cf9e61a0e42bb792c61306c6f6976c5ebc51cbce1f795b534e4767e8106edc68bd58f16943c7acc0846cf1c67161c67c28746637
-
SSDEEP
12288:B/P+NYgHizBSWMJ/17sM57k0+iQkB86PGjg:BO6gH8UJ/mMWkBCg
Score10/10-
GoldDragon
GoldDragon is a second-stage backdoor attributed to Kimsuky.
-
GoldDragon 2021 Stage1 backdoor
Detect GoldDragon backdoor Stage 1.
-
GoldDragon 2021 Stage2 infostealer
Detect GoldDragon InfoStealer Stage 2.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-