General
-
Target
KAPL_PC_304_2023-11-18_16_43_53.357.zip
-
Size
2.9MB
-
Sample
231118-t92clafh9w
-
MD5
8d61cdfd8d7ff246dc6165dad3a71f45
-
SHA1
72e0310926554e735aa76118fac25eb44e6d1a13
-
SHA256
54a7b1e1ce8468c00de0015f06788b4cc2c0a7cb2ad4b413d7510971fd218d99
-
SHA512
ea9857c941c2c37f6dc58716bf4ab8e87f77293add36d78362fcad516ba6cd620f2de9cd67421bc2be33369e2910eedef9cd34b4caa409bfdd7f13cecf7e8fc4
-
SSDEEP
49152:nPiafLoKlxP+5lHyg2/LPnheNDsTwpHqHdWFlOaA/JN+xRlVUFhA1VI//:nTfUIGlHV2TPheND5pHoVqRlKFhz/
Malware Config
Targets
-
-
Target
Device/HarddiskVolume4/soft/Gowri/kine/Setup.exe
-
Size
4.5MB
-
MD5
5452e4d4538b5888558031165b6a5cb7
-
SHA1
3517e72b2c395af4c2756818ae956185a1874d20
-
SHA256
03a241bb0f4d4be4f8e520278b03fcb63d8f9c987e0c8399360c57414af1d0de
-
SHA512
dad957ebb67a1ea7ce5de4f55d5218818882529e004e7a3f9b19ad18910995d3e2fdd61fbe17f7dd0d3ceccfba16b2af34b38949f09a25f970fc717aa07e8ce2
-
SSDEEP
98304:mztryoS4s8mQDzvS55qFGzjJAtDAGfWphkS/vQ8:HoJmQDUEGz1WohkS/vQ8
Score7/10-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-