General
-
Target
478b56b4bb94071b46be10d483352c8a6c15e466c190b4215a92f1bdc36fec5f
-
Size
375KB
-
Sample
221003-r37jxsbfbm
-
MD5
51b99cc494a1ba7f71968db4d790bc50
-
SHA1
d138889df87cac96f1bb844321df1477d4141414
-
SHA256
478b56b4bb94071b46be10d483352c8a6c15e466c190b4215a92f1bdc36fec5f
-
SHA512
bc65837c1ad5882315ea3e0defe006771e4f86e1fe084eca8ab58be2077a41e0062b11fc2e2872f4f993e227e75d8b49bcd882e237f7b12f07493e0593135e8c
-
SSDEEP
1536:HgZ+bZdnXlyMiom0LGCgTC7OspiOwQpRXSFey:HgZ+bTX+2xgW60iOwrj
Malware Config
Targets
-
-
Target
478b56b4bb94071b46be10d483352c8a6c15e466c190b4215a92f1bdc36fec5f
-
Size
375KB
-
MD5
51b99cc494a1ba7f71968db4d790bc50
-
SHA1
d138889df87cac96f1bb844321df1477d4141414
-
SHA256
478b56b4bb94071b46be10d483352c8a6c15e466c190b4215a92f1bdc36fec5f
-
SHA512
bc65837c1ad5882315ea3e0defe006771e4f86e1fe084eca8ab58be2077a41e0062b11fc2e2872f4f993e227e75d8b49bcd882e237f7b12f07493e0593135e8c
-
SSDEEP
1536:HgZ+bZdnXlyMiom0LGCgTC7OspiOwQpRXSFey:HgZ+bTX+2xgW60iOwrj
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-