General
-
Target
4ab8c02ccc707823bc0a9d2551bc8873f089ecd8d447c1bb8882b16a75f27bea
-
Size
465KB
-
Sample
240605-2dkc7sbf77
-
MD5
d01b5e1e47ef4095df2411ad4fba17bc
-
SHA1
28c133c39495cb2aa0fb04b6cd8a0be3ce5b6f54
-
SHA256
4ab8c02ccc707823bc0a9d2551bc8873f089ecd8d447c1bb8882b16a75f27bea
-
SHA512
9aa649836d5d3d6385e4d8d393333179e6e4ee27db1cf73959e0fa4e2b154215a04e95a4c2e9980e35978d57b3df17f502c70ce502b96818b708c9036ed6e945
-
SSDEEP
6144:0ULhuAEZHBmkhtnLYxe6VlWT8b9isuqTLriTRNqZj7fgoUxbTR+HeI0Wpd:Zg9ZsxPVle8aG4rqjkoUR++I0Wr
Malware Config
Targets
-
-
Target
4ab8c02ccc707823bc0a9d2551bc8873f089ecd8d447c1bb8882b16a75f27bea
-
Size
465KB
-
MD5
d01b5e1e47ef4095df2411ad4fba17bc
-
SHA1
28c133c39495cb2aa0fb04b6cd8a0be3ce5b6f54
-
SHA256
4ab8c02ccc707823bc0a9d2551bc8873f089ecd8d447c1bb8882b16a75f27bea
-
SHA512
9aa649836d5d3d6385e4d8d393333179e6e4ee27db1cf73959e0fa4e2b154215a04e95a4c2e9980e35978d57b3df17f502c70ce502b96818b708c9036ed6e945
-
SSDEEP
6144:0ULhuAEZHBmkhtnLYxe6VlWT8b9isuqTLriTRNqZj7fgoUxbTR+HeI0Wpd:Zg9ZsxPVle8aG4rqjkoUR++I0Wr
Score10/10-
Modifies WinLogon for persistence
-
Modifies AppInit DLL entries
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1