General
-
Target
c82c7ecdcf5bf82e7e2d89b219900e126cd6ad1819c07ebaac506e3943cb80d1
-
Size
135KB
-
Sample
221129-q1bh2aea35
-
MD5
b528a46333d4c07c9277d8f5c5606442
-
SHA1
e415d02e45d7fe545d5d3c5d714aac3b503e850a
-
SHA256
c82c7ecdcf5bf82e7e2d89b219900e126cd6ad1819c07ebaac506e3943cb80d1
-
SHA512
bbfb2fb2da0f2686ff61d2093f4d5ef7f2c26afed7f8ca15189fd491dfc1e8d3f3b57f5eb78539e9fc365504fa0594fedd1164ff4e8d93ec78ea3ac358ebfea6
-
SSDEEP
3072:EMyRNF26v44443D4444444444444444444444444Rn444/mvp86gkaekNOAHDE8J:u3AImvFgFexv8Osiw
Malware Config
Targets
-
-
Target
c82c7ecdcf5bf82e7e2d89b219900e126cd6ad1819c07ebaac506e3943cb80d1
-
Size
135KB
-
MD5
b528a46333d4c07c9277d8f5c5606442
-
SHA1
e415d02e45d7fe545d5d3c5d714aac3b503e850a
-
SHA256
c82c7ecdcf5bf82e7e2d89b219900e126cd6ad1819c07ebaac506e3943cb80d1
-
SHA512
bbfb2fb2da0f2686ff61d2093f4d5ef7f2c26afed7f8ca15189fd491dfc1e8d3f3b57f5eb78539e9fc365504fa0594fedd1164ff4e8d93ec78ea3ac358ebfea6
-
SSDEEP
3072:EMyRNF26v44443D4444444444444444444444444Rn444/mvp86gkaekNOAHDE8J:u3AImvFgFexv8Osiw
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-