General
-
Target
b06ca9689a517fa053a77ebce8fab696.exe
-
Size
605KB
-
Sample
220202-k4fz2ahhd8
-
MD5
b06ca9689a517fa053a77ebce8fab696
-
SHA1
06691dda8b7f412ba4c31f2f78678acbc8262881
-
SHA256
2f848ea94d4a48694c68e472882222c054d12797c0f7eabd7ebdb9daebd27ece
-
SHA512
9af05fe8d4b2ecb0abcc3283af18950912cc0888bc1a98b3f9164cd839c41ddf6a2dea2c62dfcaaf8b53dac0eb8255ef6527e3f81f6908677d1ed5bce557e917
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
10203040eam.
Targets
-
-
Target
b06ca9689a517fa053a77ebce8fab696.exe
-
Size
605KB
-
MD5
b06ca9689a517fa053a77ebce8fab696
-
SHA1
06691dda8b7f412ba4c31f2f78678acbc8262881
-
SHA256
2f848ea94d4a48694c68e472882222c054d12797c0f7eabd7ebdb9daebd27ece
-
SHA512
9af05fe8d4b2ecb0abcc3283af18950912cc0888bc1a98b3f9164cd839c41ddf6a2dea2c62dfcaaf8b53dac0eb8255ef6527e3f81f6908677d1ed5bce557e917
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-