General
-
Target
f73831358076d17398cbedf3654da257f4ecae5288c04b318aea161974157edd
-
Size
1.6MB
-
Sample
220521-b9gn3sddf8
-
MD5
4defa2864456531dbb6c2577051cd5fb
-
SHA1
3d903723b94f83d8a3a5d2c362c0f77978cad7ac
-
SHA256
f73831358076d17398cbedf3654da257f4ecae5288c04b318aea161974157edd
-
SHA512
e10d918ec79df42300b5836cac0bbb967916d1bb4988b05669c18ad30c5ff60f334fbe0fd6c6512189098e790859cd8d5eb6d50449835fdb15da6ea9e9e383e6
Malware Config
Targets
-
-
Target
Precio de cuota_PDF__________________________________.exe
-
Size
1.7MB
-
MD5
5a5f14f3a9c00829257479be62b35766
-
SHA1
9851485c278e583398b28d1d0d56aaac6a4c5594
-
SHA256
2222ddfcb76c8c278bbabf1b094e47950023f1319ae484d44dc502b91700db17
-
SHA512
4563f4ed1783b3be861d923582b9c597c3373f68f39113e0fabec5936584cac18e459d82bbde6ce6ec74e18c1c40b4ec6afb1ff7bc9f4c60a83b2d4047e49e90
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-