General
-
Target
2024-06-24_9c5698924d4d1881efaf88651a304cb3_darkside
-
Size
147KB
-
Sample
240624-lpnl1ayhmm
-
MD5
9c5698924d4d1881efaf88651a304cb3
-
SHA1
c60a0b99729eb6d95c2d9f8b76b9714411a3a751
-
SHA256
6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417
-
SHA512
1e9cc0d7c831a496e3dbcc56f2d5d477e7a7546c2f223b0278fedfa10fc1bebb0412fd5d81ac02a77aa503ddc99dea1d59d9120d076ae7a0f5137c9260a64eea
-
SSDEEP
3072:+6glyuxE4GsUPnliByocWepMT0CY2gbP39m3Lpdp:+6gDBGpvEByocWeAYTbPN8p
Malware Config
Extracted
C:\flzQgniJJ.README.txt
http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Targets
-
-
Target
2024-06-24_9c5698924d4d1881efaf88651a304cb3_darkside
-
Size
147KB
-
MD5
9c5698924d4d1881efaf88651a304cb3
-
SHA1
c60a0b99729eb6d95c2d9f8b76b9714411a3a751
-
SHA256
6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417
-
SHA512
1e9cc0d7c831a496e3dbcc56f2d5d477e7a7546c2f223b0278fedfa10fc1bebb0412fd5d81ac02a77aa503ddc99dea1d59d9120d076ae7a0f5137c9260a64eea
-
SSDEEP
3072:+6glyuxE4GsUPnliByocWepMT0CY2gbP39m3Lpdp:+6gDBGpvEByocWeAYTbPN8p
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-