General
-
Target
cdb783b80c0a2df75b038b990d5cb30734a5600f645a44a93fce9008e46eb6cd
-
Size
136KB
-
Sample
221124-shpdaafc5s
-
MD5
7f06fe8ed1368c414e2c5ca868121bd7
-
SHA1
375dd9b836940e1467733f4add28fbd091064e50
-
SHA256
cdb783b80c0a2df75b038b990d5cb30734a5600f645a44a93fce9008e46eb6cd
-
SHA512
89ebfd624dc92b8b5a6c0f4a8d5ab9285ca7baa2f3367ca9e1bee5856104e4697d1da7c80aab487dd014d5daa6f5978dcc6cf5037976bb139bf19268b69b6f2e
-
SSDEEP
3072:773svvrRFIrNpR0FyLBhtBB8zTQei1eJebIFK+XGuYOjr+utBD2At0DIZ192CiIJ:nMFBQsK1g7CCiuQhI
Malware Config
Targets
-
-
Target
cdb783b80c0a2df75b038b990d5cb30734a5600f645a44a93fce9008e46eb6cd
-
Size
136KB
-
MD5
7f06fe8ed1368c414e2c5ca868121bd7
-
SHA1
375dd9b836940e1467733f4add28fbd091064e50
-
SHA256
cdb783b80c0a2df75b038b990d5cb30734a5600f645a44a93fce9008e46eb6cd
-
SHA512
89ebfd624dc92b8b5a6c0f4a8d5ab9285ca7baa2f3367ca9e1bee5856104e4697d1da7c80aab487dd014d5daa6f5978dcc6cf5037976bb139bf19268b69b6f2e
-
SSDEEP
3072:773svvrRFIrNpR0FyLBhtBB8zTQei1eJebIFK+XGuYOjr+utBD2At0DIZ192CiIJ:nMFBQsK1g7CCiuQhI
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Modifies WinLogon
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-