555f88b245ceee8f51243a2dd7bd51c11d213f88a58b78659f8781176954a685

General

Target

555f88b245ceee8f51243a2dd7bd51c11d213f88a58b78659f8781176954a685
Size

1.6MB
Sample

220725-tpxtnsdfe2
MD5

a3ecf903e0ee1f392efbd7af61062032
SHA1

237c6daeab86c669b1c821e13c2ec119845d108d
SHA256

555f88b245ceee8f51243a2dd7bd51c11d213f88a58b78659f8781176954a685
SHA512

c803f9a51dc654d6da039d05ee195202a0c6a049e7101b75c78c9783f4269c1eb20c4a76b68c172cb94e54fe03c9e38554d6c8405ca741ec112b6b751c0ccc66

Score

8^/10

Malware Config

Targets

- Target
  
  555f88b245ceee8f51243a2dd7bd51c11d213f88a58b78659f8781176954a685
- Size
  
  1.6MB
- MD5
  
  a3ecf903e0ee1f392efbd7af61062032
- SHA1
  
  237c6daeab86c669b1c821e13c2ec119845d108d
- SHA256
  
  555f88b245ceee8f51243a2dd7bd51c11d213f88a58b78659f8781176954a685
- SHA512
  
  c803f9a51dc654d6da039d05ee195202a0c6a049e7101b75c78c9783f4269c1eb20c4a76b68c172cb94e54fe03c9e38554d6c8405ca741ec112b6b751c0ccc66
Score

8^/10

persistence collection evasion spyware stealer trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2