General
-
Target
e1e4d09e7f9fa0ea6222785a9752136ccf2675289c4e736e3713ebbfbf6deb80
-
Size
6.0MB
-
Sample
220503-xyftasdbdl
-
MD5
c3b3253336dda75f4759cbb14709ebb7
-
SHA1
1d271952c9091a7de8e3021fb6f0d939c39aef13
-
SHA256
e1e4d09e7f9fa0ea6222785a9752136ccf2675289c4e736e3713ebbfbf6deb80
-
SHA512
d813a15e48dd1aa4c98bec9a75b52631de63781c34b2c41431e30c01cf9d577d7489ac711f0a54734d880dc05dda47652e7832987cfbe605291c54a28a389f3b
Malware Config
Targets
-
-
Target
e1e4d09e7f9fa0ea6222785a9752136ccf2675289c4e736e3713ebbfbf6deb80
-
Size
6.0MB
-
MD5
c3b3253336dda75f4759cbb14709ebb7
-
SHA1
1d271952c9091a7de8e3021fb6f0d939c39aef13
-
SHA256
e1e4d09e7f9fa0ea6222785a9752136ccf2675289c4e736e3713ebbfbf6deb80
-
SHA512
d813a15e48dd1aa4c98bec9a75b52631de63781c34b2c41431e30c01cf9d577d7489ac711f0a54734d880dc05dda47652e7832987cfbe605291c54a28a389f3b
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-