General
-
Target
SecuriteInfo.com.Trojan.PackedNET.505.30555.30634
-
Size
1.8MB
-
Sample
210114-4ernqnxs1n
-
MD5
cf0e69a2b8739ddf78c0591882419c94
-
SHA1
4f674b7c178d58f67b45622300644837ab575bdd
-
SHA256
3a4d839dd867042efff6cc03629ad9a7a4cc6ab55437891161b6fdc48af09cd1
-
SHA512
399d3e61532eff0cf1a10b79675dcc83e381585f4400b07b62cade008fd79585a3233f0ce15a2fcdf0b2fbe84fdb72d59f9efc43a188469e87cf8ac25e4361fb
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.505.30555.30634
-
Size
1.8MB
-
MD5
cf0e69a2b8739ddf78c0591882419c94
-
SHA1
4f674b7c178d58f67b45622300644837ab575bdd
-
SHA256
3a4d839dd867042efff6cc03629ad9a7a4cc6ab55437891161b6fdc48af09cd1
-
SHA512
399d3e61532eff0cf1a10b79675dcc83e381585f4400b07b62cade008fd79585a3233f0ce15a2fcdf0b2fbe84fdb72d59f9efc43a188469e87cf8ac25e4361fb
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-