General
-
Target
USD Account Details-GCH.exe
-
Size
399KB
-
Sample
201109-ptz618w3ne
-
MD5
b43907860bd2d731b378a703f9011488
-
SHA1
f0ebc2c87dffcfff5a3ffc733d68ef2797876686
-
SHA256
d5d3cde374721294f774229ce8fa3cbf3edd4d3b489448ea7449ee63bbdc2c31
-
SHA512
8b94d256bfaaace733628cdd1dc109c242c28659e048a448778e054661f769233b1cae2ed87dc6d3fca6ab5cd2bdfeb242f189fc5213c2c54a8ed039560a7864
Malware Config
Extracted
Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
admin@evapimpcoltd.pw - Password:
$MKXG2eN$]mXD
Targets
-
-
Target
USD Account Details-GCH.exe
-
Size
399KB
-
MD5
b43907860bd2d731b378a703f9011488
-
SHA1
f0ebc2c87dffcfff5a3ffc733d68ef2797876686
-
SHA256
d5d3cde374721294f774229ce8fa3cbf3edd4d3b489448ea7449ee63bbdc2c31
-
SHA512
8b94d256bfaaace733628cdd1dc109c242c28659e048a448778e054661f769233b1cae2ed87dc6d3fca6ab5cd2bdfeb242f189fc5213c2c54a8ed039560a7864
Score10/10-
404 Keylogger
Information stealer and keylogger first seen in 2019.
-
404 Keylogger Main Executable
-
rezer0
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-