General
-
Target
96896cf37c1e0e749e224441ed9572a0c9240db19fa274c1b13e8c6e3be404f1
-
Size
1.4MB
-
Sample
221129-fl9r6sgb48
-
MD5
4ea1f103dc3d829621ea378127716fd1
-
SHA1
333e0745f34805898efd68914065fba5f9ed0089
-
SHA256
96896cf37c1e0e749e224441ed9572a0c9240db19fa274c1b13e8c6e3be404f1
-
SHA512
a397f50329d107f60cc30a87e3022041b278f474bdb1dc3f55febea087004a534fdcf446a3669f79d2c27c919cf4ac23fe9c5d603e7fcac8856028398f1151e9
-
SSDEEP
24576:Or3+iy3ztYv/Rpjco/+sl6V6tkUmvE9EdaW75PS3qlekxxKn2wfq+NlKJcVbJepa:PtY3RP/jgShmZFSYeMxKn1fq+LK158co
Malware Config
Targets
-
-
Target
96896cf37c1e0e749e224441ed9572a0c9240db19fa274c1b13e8c6e3be404f1
-
Size
1.4MB
-
MD5
4ea1f103dc3d829621ea378127716fd1
-
SHA1
333e0745f34805898efd68914065fba5f9ed0089
-
SHA256
96896cf37c1e0e749e224441ed9572a0c9240db19fa274c1b13e8c6e3be404f1
-
SHA512
a397f50329d107f60cc30a87e3022041b278f474bdb1dc3f55febea087004a534fdcf446a3669f79d2c27c919cf4ac23fe9c5d603e7fcac8856028398f1151e9
-
SSDEEP
24576:Or3+iy3ztYv/Rpjco/+sl6V6tkUmvE9EdaW75PS3qlekxxKn2wfq+NlKJcVbJepa:PtY3RP/jgShmZFSYeMxKn1fq+LK158co
Score8/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-