General
-
Target
5b3b205391d33ff3e85780985bd44398
-
Size
2.6MB
-
Sample
240114-ply54shhfr
-
MD5
5b3b205391d33ff3e85780985bd44398
-
SHA1
408bda11e611b5b5b4a7d4ab952722c5c5ca395f
-
SHA256
6ea34f6a117de5a499a46a7713523817b222ae7ff483861fb41212edb59878cf
-
SHA512
cac77c9cf536e02ec12b624336739382322e85b9427eec7ccae89a905d873b172d4c6b8fdb1128ecec61e45e2a4b3fb0303fbca25b0001ef952a6ef3042c5b74
-
SSDEEP
3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Malware Config
Targets
-
-
Target
5b3b205391d33ff3e85780985bd44398
-
Size
2.6MB
-
MD5
5b3b205391d33ff3e85780985bd44398
-
SHA1
408bda11e611b5b5b4a7d4ab952722c5c5ca395f
-
SHA256
6ea34f6a117de5a499a46a7713523817b222ae7ff483861fb41212edb59878cf
-
SHA512
cac77c9cf536e02ec12b624336739382322e85b9427eec7ccae89a905d873b172d4c6b8fdb1128ecec61e45e2a4b3fb0303fbca25b0001ef952a6ef3042c5b74
-
SSDEEP
3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Adds policy Run key to start application
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-