General
-
Target
Order confirmation PO 45003271..pdf.rar
-
Size
3KB
-
Sample
221004-aarvbsdbe7
-
MD5
75a4b9e10e350aae9505fc083a0e59e7
-
SHA1
b79de5970d0de8bb81f8a5a197893f0e748803e9
-
SHA256
7ecf63c971db2afcfa4a306a89f2349cb7c055cdd3a4fd7075900171a4a36ac3
-
SHA512
ffe1945808bd9d6afe9e6ecc6e28e2b45cbea08ea7973d57fd3662a131657767e1bdc2ab0a489f17845d357e4bd5c535fcc793bc576c8770d454c3f9fcb17672
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
chukwuma22
Targets
-
-
Target
Order confirmation PO 45003271..pdf.exe
-
Size
7KB
-
MD5
682df38aa925e2d7c9480746773030fe
-
SHA1
f2af8f28ad6b2812aaeed16477cb711bf1e48235
-
SHA256
121a361c245e43e5af7e9f0279bb9c908dc19f4c492551e7ef816efab6521c57
-
SHA512
0a5de589ec4fe00dd12178d06af5a30de05088c999eb50d8b4af069b9c5f2acc7717a110ea4c91f019f93c9ca129e2bc1bab4c97c7719c7ce7d820c1a625c0fe
-
SSDEEP
96:zipNvukzybEQxtzClyUXwEziUDYH0XCTMxSVFfMQG3MYBQ2EFnU:8Bzy5tzClyU6UDYH0kCSVWvfQ2F
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-