General
-
Target
e9d7ac8344ca51c7e82db7a8b076740dd66f073ac19e3e7035f4501590c40d9a
-
Size
521KB
-
Sample
221124-e2c8gaha59
-
MD5
e83a8bb1ec87ddaa5001285d4e753ac2
-
SHA1
359912ff3b47615960e0a325727fc4e9c0176b40
-
SHA256
e9d7ac8344ca51c7e82db7a8b076740dd66f073ac19e3e7035f4501590c40d9a
-
SHA512
051c897e8d5a2c404ca3aeb900042a6373105d8d4af21d21ddf06bbea3a593f24d04a532359a91e30d079f13da4f67ee4ceeab6e75d45a2bb4ff94ed08b98dcf
-
SSDEEP
6144:125mswOyIZjyMrmhc2TawSgaOt2da2k78qh90GiTwXw35lk9jgvy89:12wRIZgmTOJDz9fA35lk9N
Malware Config
Targets
-
-
Target
e9d7ac8344ca51c7e82db7a8b076740dd66f073ac19e3e7035f4501590c40d9a
-
Size
521KB
-
MD5
e83a8bb1ec87ddaa5001285d4e753ac2
-
SHA1
359912ff3b47615960e0a325727fc4e9c0176b40
-
SHA256
e9d7ac8344ca51c7e82db7a8b076740dd66f073ac19e3e7035f4501590c40d9a
-
SHA512
051c897e8d5a2c404ca3aeb900042a6373105d8d4af21d21ddf06bbea3a593f24d04a532359a91e30d079f13da4f67ee4ceeab6e75d45a2bb4ff94ed08b98dcf
-
SSDEEP
6144:125mswOyIZjyMrmhc2TawSgaOt2da2k78qh90GiTwXw35lk9jgvy89:12wRIZgmTOJDz9fA35lk9N
Score10/10-
UAC bypass
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-