General
-
Target
9cd30cc49ed119e737cff4636a45385a.exe
-
Size
1.7MB
-
Sample
211019-ltqxxsgdgj
-
MD5
9cd30cc49ed119e737cff4636a45385a
-
SHA1
5ffedf97a4939724c96f6cd64a67a72d3c7a7797
-
SHA256
181c80a7ad3a6a0e4c3cba6a4427a06b59c8f363c86cb8b35c7bb89e81b0a49c
-
SHA512
5bbd6b1c6bcf305ac107be17a91df43f280a773e2beebdce45d9a3b89828ad3cd234b10bf182b6d77e719b560f7396fb7a0898dee544b5ccc2fb9c5985db2a86
Malware Config
Targets
-
-
Target
9cd30cc49ed119e737cff4636a45385a.exe
-
Size
1.7MB
-
MD5
9cd30cc49ed119e737cff4636a45385a
-
SHA1
5ffedf97a4939724c96f6cd64a67a72d3c7a7797
-
SHA256
181c80a7ad3a6a0e4c3cba6a4427a06b59c8f363c86cb8b35c7bb89e81b0a49c
-
SHA512
5bbd6b1c6bcf305ac107be17a91df43f280a773e2beebdce45d9a3b89828ad3cd234b10bf182b6d77e719b560f7396fb7a0898dee544b5ccc2fb9c5985db2a86
Score10/10-
suricata: ET MALWARE Arechclient2 Backdoor CnC Init
suricata: ET MALWARE Arechclient2 Backdoor CnC Init
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-