General
- Target: BubbleBrowserMaintenance.exe
- Size: 567KB
- Sample: 201031-jwxx97ecr6
- MD5: 477fa159316a4d4f6341aa21a81d9522
- SHA1: 1bd0b6d9782bfceda6a374adcc0329aee52b074c
- SHA256: e63c6f3e382610933bfa3229550cdb7ff7d1fa69cc44379ba720f49983d3afc1
- SHA512: 27c86effb5b4c8074fd729dc766cb0082f091a1eeeb4acc0584c8ee565cf36118ae46674849cc682a6109a540488722bd868a87b2f88c8c64cf04ed611446898
- Static task: static1
Malware Config
Targets
- Target: BubbleBrowserMaintenance.exe
- Executes dropped EXE
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar sensitive items.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext