General
-
Target
Launcher.exe
-
Size
84.3MB
-
Sample
240428-tccmzabc26
-
MD5
ddd88df7eb98fe2d58a53ab5511319be
-
SHA1
cff75793347a393056664370bec62712fdd90f21
-
SHA256
088a9f665d0fdc9b2bb050ecd1524b1539010bbe1d9935f72343bb2bc5f98975
-
SHA512
9c7f37b8ec9293b6606b41391ff9e7115c176f60735b4214d8e2b00513f7e40eba8aaf9fddfe90a261cb1b515fa921514ffc3d31acb32a9e70c26ea37b10c5a0
-
SSDEEP
1572864:+4gPXMo0EPUW3PeaRqjIPY78z0XBkCb0BanmtUFk4rad57:+4Act4PPtqjh784Nctey4Od57
Malware Config
Targets
-
-
Target
Launcher.exe
-
Size
84.3MB
-
MD5
ddd88df7eb98fe2d58a53ab5511319be
-
SHA1
cff75793347a393056664370bec62712fdd90f21
-
SHA256
088a9f665d0fdc9b2bb050ecd1524b1539010bbe1d9935f72343bb2bc5f98975
-
SHA512
9c7f37b8ec9293b6606b41391ff9e7115c176f60735b4214d8e2b00513f7e40eba8aaf9fddfe90a261cb1b515fa921514ffc3d31acb32a9e70c26ea37b10c5a0
-
SSDEEP
1572864:+4gPXMo0EPUW3PeaRqjIPY78z0XBkCb0BanmtUFk4rad57:+4Act4PPtqjh784Nctey4Od57
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
-
-
Target
Launcher.exe
-
Size
164.9MB
-
MD5
69297f39ec0be1969de6409a310264d1
-
SHA1
7c0e7ead5bd451a95cd6062eb0fb4a5c053f7190
-
SHA256
22117115927d13aee3314c659efe6253692ec3555b2b3e602d512067d71e0b98
-
SHA512
2c6b82ee7d76d227b35e75aed7521a6d939a1f8abe8a031202ec2c56832a3c131a82b006e53be05e0937b461e3a0cdeff8f1f71f1e4e61fb01bc592cd0ee5b57
-
SSDEEP
1572864:Ftc2cEGwGrRSREICCr3ka8YrcSAfII01aLadS5sDNd+Ipx9cF3LfxNEK2Ho8jlgY:b+CHrJIgIsV
Score7/10-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-