General
-
Target
1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e
-
Size
270KB
-
Sample
220612-2tn2bseed6
-
MD5
a937b808651c5278b0d41a24db7db03c
-
SHA1
6101369439607b2b301d14321ae61b8590ac6070
-
SHA256
1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e
-
SHA512
64c0469533dd31e9a829d5208ea532ab3858ad8321f9626ba678fcad49d9857fc944f7a5cf2f90d33f1a002456dd42ba32775c73dd38726a8d1ed578e6005c26
Malware Config
Targets
-
-
Target
1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e
-
Size
270KB
-
MD5
a937b808651c5278b0d41a24db7db03c
-
SHA1
6101369439607b2b301d14321ae61b8590ac6070
-
SHA256
1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e
-
SHA512
64c0469533dd31e9a829d5208ea532ab3858ad8321f9626ba678fcad49d9857fc944f7a5cf2f90d33f1a002456dd42ba32775c73dd38726a8d1ed578e6005c26
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-