General
- Target: daun.exe
- Size: 557KB
- Sample: 240912-x4dk5azhkb
- MD5: b748b605cf8d9e3103701202143aa092
- SHA1: e49095644bb43f9c5ac524b5519e00526794b102
- SHA256: d663c78c257545297181ac761995c3b86ef3df23a267ae43a69c5b7788e927d5
- SHA512: 6b7b28619c91913b7c9cc184678d1e208867a0a0acd20bcc5a99194f6bafbb9fdeedeaac39563cecd938f930214774b426a6603c35d459de4b354e0f201b866c
- SSDEEP: 12288:qQBI/5nXN+xaet5bgH3bC6eXLTidCeE9MGyldojOO/YP973qSarS2yWvdXglczGH:qQBI/5nXiaGbgXbC68
Static task
- static1

Behavioral task
- behavioral1
  - Sample: daun.exe
  - Resource: win7-20240708-en

Behavioral task
- behavioral2
  - Sample: daun.exe
  - Resource: win10v2004-20240802-en
Malware Config
- Extracted: phemedrone
  - https://api.telegram.org/bot7324318844:AAG9Yvtou9WcrzMj25CcTjoC8Eu_d5OZKZ0/sendDocument
Targets
- Target: daun.exe
- Score: 10/10
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Suspicious use of SetThreadContext