General
-
Target
update.bin (1).zip
-
Size
409KB
-
Sample
201203-anyaytq7pa
-
MD5
8e5aa86731cfd85ac7a0f3dde0a24ecf
-
SHA1
29aac8940999f1c1cd10dff8fcafd887afdd287b
-
SHA256
b23b61cd59e29ffe5f204918dc720bf6f21278bc17e541613303727ccd8263b1
-
SHA512
d91f94c19f7548f0a40a7b1e792c8e93569560f54758f7d37fb085016b00f1a2f8688466d0e4c2cce257b91485f78c55815664c228de566246ce6c38017bec42
Malware Config
Targets
-
-
Target
update.bin
-
Size
660KB
-
MD5
765f831922fabc13d4f4ad53d0e2c061
-
SHA1
9d5bd9c8682e342c5f11d84047ed012fada6a8c6
-
SHA256
1618a3156b7e95edf26ae91df6c0b047917dee3cd484e96d9a4b0e3d7f310d48
-
SHA512
3e1f82b0fc03f08d093c0520719f7c628e1a691fbd448dcd6384b523dc23c9178a5f9ce749803e357dfc62840a3d4866074d191feb2dcb2b3a80a0a2a99342d6
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar log file
Detects a log file produced by Vidar.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-