General
-
Target
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwj054m5jOiHAxWVi4MHHbNAKm4YABAAGgJlZg&co=1&gclid=CjwKCAjw_Na1BhAlEiwAM-dm7MXSXU2Zu2lylchbuvU_YZPHgHToDz6kmzkcF_MOGuXatnMa7rZ20xoCToMQAvD_BwE&ohost=www.google.com&cid=CAESVeD2_Vu-r6TQn4JeRuY9wvmGGX5Zc3S5aVs31udGbsnXFXoG81dKSxYxCYf5YCNcnv3b3kjPKQuujj80T-0mEdbXmTbu8hPme_cYj6QD4AGTJWQYcuI&sig=AOD64_3c59l2k7H1BWGOJQrGDMDgRiD9Dw&q&adurl&ved=2ahUKEwiH54K5jOiHAxUMgf0HHQbkJU4Q0Qx6BAgIEAE
-
Sample
240809-rk3g9avhle
Malware Config
Targets
-
-
Target
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwj054m5jOiHAxWVi4MHHbNAKm4YABAAGgJlZg&co=1&gclid=CjwKCAjw_Na1BhAlEiwAM-dm7MXSXU2Zu2lylchbuvU_YZPHgHToDz6kmzkcF_MOGuXatnMa7rZ20xoCToMQAvD_BwE&ohost=www.google.com&cid=CAESVeD2_Vu-r6TQn4JeRuY9wvmGGX5Zc3S5aVs31udGbsnXFXoG81dKSxYxCYf5YCNcnv3b3kjPKQuujj80T-0mEdbXmTbu8hPme_cYj6QD4AGTJWQYcuI&sig=AOD64_3c59l2k7H1BWGOJQrGDMDgRiD9Dw&q&adurl&ved=2ahUKEwiH54K5jOiHAxUMgf0HHQbkJU4Q0Qx6BAgIEAE
Score8/10-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-