General
-
Target
Breve-Tufvassons sp.z.o.o Company Profile And Bout Us.exe
-
Size
978KB
-
Sample
201205-a8ka7b43fs
-
MD5
96552c07515a96d59692e8bcf39c4fdc
-
SHA1
a3678076c136f823e16e86322c0bf97add7df226
-
SHA256
ab24817a0cffa763232e7f8c0f7124d8ebe7bffca1cb7b49032da527ef52dae4
-
SHA512
490b652a80990ee3a34812f23d00d47d57ce20320ae5d38ec62dfd44ff0dece032b6121cdf56080f9d612b7df37eca454d2c784abd2daf23283dcd07ce52f355
Malware Config
Targets
-
-
Target
Breve-Tufvassons sp.z.o.o Company Profile And Bout Us.exe
-
Size
978KB
-
MD5
96552c07515a96d59692e8bcf39c4fdc
-
SHA1
a3678076c136f823e16e86322c0bf97add7df226
-
SHA256
ab24817a0cffa763232e7f8c0f7124d8ebe7bffca1cb7b49032da527ef52dae4
-
SHA512
490b652a80990ee3a34812f23d00d47d57ce20320ae5d38ec62dfd44ff0dece032b6121cdf56080f9d612b7df37eca454d2c784abd2daf23283dcd07ce52f355
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-