General
-
Target
0336f85236b4add19780e082d59a8f1585575781
-
Size
450KB
-
Sample
230114-jgjlzagc8v
-
MD5
d95f453a9ebfa9e852611103ecd36f2f
-
SHA1
0336f85236b4add19780e082d59a8f1585575781
-
SHA256
cb4c05bf0a3cc9a2157b5b7799e3bdad472a0b677743ebb59803fa8934def97f
-
SHA512
3f0ecfd05da6c5750ce12fe2f35f1989f0f0530fc08280fc3c8d75a5450ecd172d636aeae0703ff44d11459a9ef36d4ccaf09faf6ac9d401b03e90e1219da042
-
SSDEEP
6144:qYa6f5//2aKCh/3NDrCpCdIJaFvQIKtWBIY0Vv7B5qh8+A9j+A:qYD//R/jXtv9KNke+A
Malware Config
Targets
-
-
Target
0336f85236b4add19780e082d59a8f1585575781
-
Size
450KB
-
MD5
d95f453a9ebfa9e852611103ecd36f2f
-
SHA1
0336f85236b4add19780e082d59a8f1585575781
-
SHA256
cb4c05bf0a3cc9a2157b5b7799e3bdad472a0b677743ebb59803fa8934def97f
-
SHA512
3f0ecfd05da6c5750ce12fe2f35f1989f0f0530fc08280fc3c8d75a5450ecd172d636aeae0703ff44d11459a9ef36d4ccaf09faf6ac9d401b03e90e1219da042
-
SSDEEP
6144:qYa6f5//2aKCh/3NDrCpCdIJaFvQIKtWBIY0Vv7B5qh8+A9j+A:qYD//R/jXtv9KNke+A
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-