General
-
Target
c11950d0a98d14d155cca77b12124f1be35348aa07af6871c25d66847d95f720
-
Size
1.0MB
-
Sample
221003-b7yvksbbc4
-
MD5
6f420990f386f0e8a1c613b41a7b5310
-
SHA1
ead40bc7301f42c837ef849bfc29329550acfb65
-
SHA256
c11950d0a98d14d155cca77b12124f1be35348aa07af6871c25d66847d95f720
-
SHA512
958f0656edcd1f439ae54bb2d1d397ca85196142404bbd9808466dddf1b0f5c8dd3266cc7755b2d69763359cb2ebab79a26e9a3211d57019cfb603332aef3147
-
SSDEEP
24576:uKAQ5uL2wrRS8SpNvWeJ8vmXt2TPQMLMcezl3x1nFNi0w:uc7wrat0LUphnsb
Malware Config
Targets
-
-
Target
c11950d0a98d14d155cca77b12124f1be35348aa07af6871c25d66847d95f720
-
Size
1.0MB
-
MD5
6f420990f386f0e8a1c613b41a7b5310
-
SHA1
ead40bc7301f42c837ef849bfc29329550acfb65
-
SHA256
c11950d0a98d14d155cca77b12124f1be35348aa07af6871c25d66847d95f720
-
SHA512
958f0656edcd1f439ae54bb2d1d397ca85196142404bbd9808466dddf1b0f5c8dd3266cc7755b2d69763359cb2ebab79a26e9a3211d57019cfb603332aef3147
-
SSDEEP
24576:uKAQ5uL2wrRS8SpNvWeJ8vmXt2TPQMLMcezl3x1nFNi0w:uc7wrat0LUphnsb
Score8/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-