General
-
Target
E-dekont.exe
-
Size
1.2MB
-
Sample
231207-p5t1haba39
-
MD5
3cb8cabac5dc5a0d0eef27cb5c90792d
-
SHA1
55a0e52a05ef20f05b8adab1e5a630a76fadc127
-
SHA256
27109cdaf4aeaf0ac18509837787301469487e25f02ab5a1c63cb570d795334a
-
SHA512
a14a1fbcc87a120b73145e536be4e6b5c24871d040734c2dbaf1ed46b8f624dcfddc076aa353754a105452a8913bd0d07c7c1a35856347a9e76a1b6d997a6015
-
SSDEEP
24576:6Fd6Ri85AtkfEZOpZJ3uI7aYOyD9dL5TAm9mRm8YbX1niRUw:mdcinPmr7asjL5ThcUX1Sv
Malware Config
Targets
-
-
Target
E-dekont.exe
-
Size
1.2MB
-
MD5
3cb8cabac5dc5a0d0eef27cb5c90792d
-
SHA1
55a0e52a05ef20f05b8adab1e5a630a76fadc127
-
SHA256
27109cdaf4aeaf0ac18509837787301469487e25f02ab5a1c63cb570d795334a
-
SHA512
a14a1fbcc87a120b73145e536be4e6b5c24871d040734c2dbaf1ed46b8f624dcfddc076aa353754a105452a8913bd0d07c7c1a35856347a9e76a1b6d997a6015
-
SSDEEP
24576:6Fd6Ri85AtkfEZOpZJ3uI7aYOyD9dL5TAm9mRm8YbX1niRUw:mdcinPmr7asjL5ThcUX1Sv
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-