General
Target: 9d5ff41c22bde90c318f4f3eb0b8d75d7582ca3c54ae1ea1ddc8666f1298c23c
Size: 535KB
Sample: 220725-fcgd9sfcfj
MD5: 9160dbb0f8cb800c517bfa988a1eaafb
SHA1: a370130363f5a4ade5dee9ad1df75e69d7165ef4
SHA256: 9d5ff41c22bde90c318f4f3eb0b8d75d7582ca3c54ae1ea1ddc8666f1298c23c
SHA512: 0e2cc51df54b5389e779b23ffa48c97c39c31462c1dafb99f6769b4cb6e399f7bc1c49a31682b6ff957a6be019c02290925f140b62d9cb2d4c75725e1a56e26e
Behavioral task: behavioral1
Sample: 9d5ff41c22bde90c318f4f3eb0b8d75d7582ca3c54ae1ea1ddc8666f1298c23c.exe
Resource: win7-20220715-en
Malware Config
Targets
Target: 9d5ff41c22bde90c318f4f3eb0b8d75d7582ca3c54ae1ea1ddc8666f1298c23c
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.