General

  • Target

    goldropt5.exe

  • Size

    513KB

  • Sample

    240515-3nfnfaad28

  • MD5

    0cc0aa5877cec9109b7a5a0e3a250c72

  • SHA1

    1d49d462a11a00d8ac9608e49f055961bf79980d

  • SHA256

    1324acd1f720055e7941b39949116dfe72ce2e7792e70128f69e228eb48b0821

  • SHA512

    642b0d06755c78658c308167cf9e61a0e42bb792c61306c6f6976c5ebc51cbce1f795b534e4767e8106edc68bd58f16943c7acc0846cf1c67161c67c28746637

  • SSDEEP

    12288:B/P+NYgHizBSWMJ/17sM57k0+iQkB86PGjg:BO6gH8UJ/mMWkBCg

Malware Config

Targets

    • GoldDragon

      GoldDragon is a second-stage backdoor attributed to Kimsuky.

    • GoldDragon 2021 Stage2 infostealer

      Detect GoldDragon InfoStealer Stage 2.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks