General
-
Target
Obfuscated Name.exe
-
Size
4.5MB
-
Sample
220705-nbzhfsgefl
-
MD5
3f79ad2fe372116f5d14e0853436fc13
-
SHA1
6ed54b09f1b43923505700c5ae1de4eeed1d39f8
-
SHA256
d8f2fda07b89045e5be74831d2bcba51e70a3d918416ed7aae1ed0351f94e3a7
-
SHA512
c16592008e8f8ecc6fe8fd66a84b86c3ee2a08bab5b6486ef3122066cbfe0ac9060d81f2a27c9d6e700dc589d8a2e6ffa3b2657c7e9e300bda1a2ee07e4e7da7
Malware Config
Targets
-
-
Target
Obfuscated Name.exe
-
Size
4.5MB
-
MD5
3f79ad2fe372116f5d14e0853436fc13
-
SHA1
6ed54b09f1b43923505700c5ae1de4eeed1d39f8
-
SHA256
d8f2fda07b89045e5be74831d2bcba51e70a3d918416ed7aae1ed0351f94e3a7
-
SHA512
c16592008e8f8ecc6fe8fd66a84b86c3ee2a08bab5b6486ef3122066cbfe0ac9060d81f2a27c9d6e700dc589d8a2e6ffa3b2657c7e9e300bda1a2ee07e4e7da7
Score9/10-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-