General
-
Target
164517ae043b1e0ed0539a132001b786816361f26fc0dd1648ffd3a428c94718
-
Size
291KB
-
Sample
221030-sztz4ahcdr
-
MD5
835c431d44e546ac46f899466acff0e1
-
SHA1
b2426fe3d7ddf38ad26d100c7cbe9db1cc9e2b70
-
SHA256
164517ae043b1e0ed0539a132001b786816361f26fc0dd1648ffd3a428c94718
-
SHA512
c4d30704e773775fc6f8ae999a6ab5a32509dc1f4704910862db4b916a7e4cdd7080ed70cbc364719ffba69b6ba0e2911bc69fa8f9e8b1ef9e5ddaa62ed0f3e9
-
SSDEEP
3072:G3W+AbFKPxh4v94pRZy9uFQupoNmq3gNeJ7XRFWuBlEtRp37jSQN4RrWOFkHk:R+Ab8PxhKGpRZguszQeJ7JcJnuc
Malware Config
Extracted
Protocol: ftp- Host:
s316089329.online.de - Port:
21 - Username:
u57326293-test - Password:
sX9Fmdxq
Targets
-
-
Target
164517ae043b1e0ed0539a132001b786816361f26fc0dd1648ffd3a428c94718
-
Size
291KB
-
MD5
835c431d44e546ac46f899466acff0e1
-
SHA1
b2426fe3d7ddf38ad26d100c7cbe9db1cc9e2b70
-
SHA256
164517ae043b1e0ed0539a132001b786816361f26fc0dd1648ffd3a428c94718
-
SHA512
c4d30704e773775fc6f8ae999a6ab5a32509dc1f4704910862db4b916a7e4cdd7080ed70cbc364719ffba69b6ba0e2911bc69fa8f9e8b1ef9e5ddaa62ed0f3e9
-
SSDEEP
3072:G3W+AbFKPxh4v94pRZy9uFQupoNmq3gNeJ7XRFWuBlEtRp37jSQN4RrWOFkHk:R+Ab8PxhKGpRZguszQeJ7JcJnuc
Score10/10-
Nirsoft
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-