General
-
Target
9227cbee36d5126fbce6d8cb98160cbe0dc6139e3bcb00367ba7ac298ea5c8a6
-
Size
5.7MB
-
Sample
220511-3adlxsfcgq
-
MD5
c0bf911b48a2060b4e0db055251e9316
-
SHA1
9c79fdac18530a5e349ba3d133563e75ee78a87c
-
SHA256
9227cbee36d5126fbce6d8cb98160cbe0dc6139e3bcb00367ba7ac298ea5c8a6
-
SHA512
ebfc139284e11131b4b98212d07f518a8a29bd0c242636df2c6803a4c6a44f3b8e114988c3dc57a8a6dbff1a53f5f37a2b3aa65eae5f8500f36745be5e2a4630
Malware Config
Targets
-
-
Target
9227cbee36d5126fbce6d8cb98160cbe0dc6139e3bcb00367ba7ac298ea5c8a6
-
Size
5.7MB
-
MD5
c0bf911b48a2060b4e0db055251e9316
-
SHA1
9c79fdac18530a5e349ba3d133563e75ee78a87c
-
SHA256
9227cbee36d5126fbce6d8cb98160cbe0dc6139e3bcb00367ba7ac298ea5c8a6
-
SHA512
ebfc139284e11131b4b98212d07f518a8a29bd0c242636df2c6803a4c6a44f3b8e114988c3dc57a8a6dbff1a53f5f37a2b3aa65eae5f8500f36745be5e2a4630
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-