General
-
Target
1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7
-
Size
156KB
-
Sample
221203-wtz6psdc46
-
MD5
66a502dc76e48ece9d93b9b5818b4f10
-
SHA1
2e18c18e025b73870bed3bd5cbaa0981bf65cf7d
-
SHA256
1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7
-
SHA512
f7e0847a10c008d87fe715eb551ee1f0957021e549d8a3b9104270d8ad25a9164fb46d14c05298bcb213bc49fa62738bae3b3f67a053716a49a5e1f02680891b
-
SSDEEP
3072:ilikxQUzHLV/sidu5k9AvVt7G9K7b+EdK5upvq9nV5P5ghIvX6gKEzeGAHVNVNbE:ilikxQU6w3BpiOh
Malware Config
Targets
-
-
Target
1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7
-
Size
156KB
-
MD5
66a502dc76e48ece9d93b9b5818b4f10
-
SHA1
2e18c18e025b73870bed3bd5cbaa0981bf65cf7d
-
SHA256
1c3ff34a927847f718c004f19be84a23882b549ffaf1aa77f87c69b0f3c0a7e7
-
SHA512
f7e0847a10c008d87fe715eb551ee1f0957021e549d8a3b9104270d8ad25a9164fb46d14c05298bcb213bc49fa62738bae3b3f67a053716a49a5e1f02680891b
-
SSDEEP
3072:ilikxQUzHLV/sidu5k9AvVt7G9K7b+EdK5upvq9nV5P5ghIvX6gKEzeGAHVNVNbE:ilikxQU6w3BpiOh
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-