General
Target: oc3243546.exe
Size: 804KB
Sample: 200713-yntvxancx2
MD5: 86bbefcf532141a97566dc6b7f05c94b
SHA1: ac082f324c82934d475eb977563c232cc0397e35
SHA256: 6e6aebc63f1d6bcaf1859b1d9d75ee79d82d9af4059fd2c1a53fd84021c6393b
SHA512: 881f2d9f7cbcea359704d1b39d0d15ea05849df99eee745068dfb75e96cea51f0e674618d301eb94f728f45cfc6fc009d23a044dd26603e67501a86071fce821
Static task: static1
Behavioral task: behavioral1
Sample: oc3243546.exe
Resource: win7
Behavioral task: behavioral2
Sample: oc3243546.exe
Resource: win10v200430
Malware Config
Targets
Target: oc3243546.exe
Score: 8/10

UPX packed file
Detects executables packed with UPX/modified UPX open source packer.

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext