General
-
Target
TangoGenV1.2.EXE
-
Size
40.8MB
-
Sample
240504-2elmnade41
-
MD5
6dfe5ffc0650a0b3195037d72e156bf6
-
SHA1
9d5bbaef8dadcd5f50bc1e4672574f4cfdacaf12
-
SHA256
04d710537272ed98586dca173fe715a1a39d879cfd1e842775f89f95f1e186f1
-
SHA512
0a491652818a0608a1ba41a162282cd16d687e0f9c59444c5ce08f70a8b65df51737ba297985d42576895d9af42e18f526cd8cf76785ac47fd5014ec2ce99e6a
-
SSDEEP
786432:ZOwCiNg6qoC6plryvhob11L2FltPB57me4bMOMPl8N12rNzXLusmCuWPdX7PkBlV:UmgvSlryvh0116FlIbby8Gr9XyZh0PUD
Malware Config
Targets
-
-
Target
TangoGenV1.2.EXE
-
Size
40.8MB
-
MD5
6dfe5ffc0650a0b3195037d72e156bf6
-
SHA1
9d5bbaef8dadcd5f50bc1e4672574f4cfdacaf12
-
SHA256
04d710537272ed98586dca173fe715a1a39d879cfd1e842775f89f95f1e186f1
-
SHA512
0a491652818a0608a1ba41a162282cd16d687e0f9c59444c5ce08f70a8b65df51737ba297985d42576895d9af42e18f526cd8cf76785ac47fd5014ec2ce99e6a
-
SSDEEP
786432:ZOwCiNg6qoC6plryvhob11L2FltPB57me4bMOMPl8N12rNzXLusmCuWPdX7PkBlV:UmgvSlryvh0116FlIbby8Gr9XyZh0PUD
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-