General
-
Target
91001ad23fae778523eedd0739faabcddcfd6ebcbd27523cfd7d1501c200150a
-
Size
466KB
-
Sample
221204-nwphzseh55
-
MD5
d683e36b7abc622bf87a0cee14a9963d
-
SHA1
2ba518988d9c7c3785b962011e6ab6838edfbad3
-
SHA256
91001ad23fae778523eedd0739faabcddcfd6ebcbd27523cfd7d1501c200150a
-
SHA512
717ccf730328e4f0fd96ddb7801bf7032afe54e5eb1544135634b6d35b788c41629b78fe3f912948e6bc95076b09f67f3f21e707c19b1487d0a43e495635649e
-
SSDEEP
6144:DaF3Azdy7vq/foLOVGZgAxVZxNWU1ObChMhbo4m6zvT8MPOPwsqH+l:DaaU7CXo7gAFKU1ObiN4zvwrYsb
Malware Config
Targets
-
-
Target
91001ad23fae778523eedd0739faabcddcfd6ebcbd27523cfd7d1501c200150a
-
Size
466KB
-
MD5
d683e36b7abc622bf87a0cee14a9963d
-
SHA1
2ba518988d9c7c3785b962011e6ab6838edfbad3
-
SHA256
91001ad23fae778523eedd0739faabcddcfd6ebcbd27523cfd7d1501c200150a
-
SHA512
717ccf730328e4f0fd96ddb7801bf7032afe54e5eb1544135634b6d35b788c41629b78fe3f912948e6bc95076b09f67f3f21e707c19b1487d0a43e495635649e
-
SSDEEP
6144:DaF3Azdy7vq/foLOVGZgAxVZxNWU1ObChMhbo4m6zvT8MPOPwsqH+l:DaaU7CXo7gAFKU1ObiN4zvwrYsb
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Suspicious use of SetThreadContext
-