General
-
Target
lexis.exe
-
Size
20.2MB
-
Sample
250327-njdwqatjy2
-
MD5
f9bf9c1831d7f63d427cfbc979fd1e12
-
SHA1
b7e92540d56c36d27c4ef77603d2b0d8dfdb72d1
-
SHA256
63e776333c51e644d1b6ee76f26953596446544b335d19c46db9d75b18314830
-
SHA512
b71e40ab4d1cb52a37eb70b48bd7af09a846e3f1e58b6be923d030007aa9de00f8c9a98de2f625d46653afc2e3713c0882522eeb92fcbd7d589a691c0c5273fe
-
SSDEEP
98304:TuqoOcOigmHaaDl8cCbWF7zT2b9uXFiN+bJz+VuYwhG:TGOZmHaapvCbWlCuAIbJziuYJ
Malware Config
Targets
-
-
Target
lexis.exe
-
Size
20.2MB
-
MD5
f9bf9c1831d7f63d427cfbc979fd1e12
-
SHA1
b7e92540d56c36d27c4ef77603d2b0d8dfdb72d1
-
SHA256
63e776333c51e644d1b6ee76f26953596446544b335d19c46db9d75b18314830
-
SHA512
b71e40ab4d1cb52a37eb70b48bd7af09a846e3f1e58b6be923d030007aa9de00f8c9a98de2f625d46653afc2e3713c0882522eeb92fcbd7d589a691c0c5273fe
-
SSDEEP
98304:TuqoOcOigmHaaDl8cCbWF7zT2b9uXFiN+bJz+VuYwhG:TGOZmHaapvCbWlCuAIbJziuYJ
Score10/10-
Detect SalatStealer payload
-
Salatstealer family
-
salatstealer
SalatStealer is a stealer that takes sceenshot written in Golang.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-