General
-
Target
unpacked_payload.exe
-
Size
165KB
-
Sample
230131-lw4xkahf4z
-
MD5
0868d9608bc629bdc8ee88f608ed307b
-
SHA1
7a3f3a5cd72a46277cd0f6e4e4467b901b7f4238
-
SHA256
7f0d201d80f3d5c61c6c3c9c49d4bed8a55a2ca377b007cbb3ae59c94a78ac97
-
SHA512
299476991ef999880bde2f9464f05eb5c05df23bb7baf565c30a1a77f4308d29935b595d8521b5f032ed13634ba04cd3578479e8adc3cbb9177b32f9b609f876
-
SSDEEP
3072:Hsz57rzTsEIBOnM0rcTEkIAdEIGeUoyjcYejLPI4N:Hsz99rTBmlp/jLw4
Malware Config
Targets
-
-
Target
unpacked_payload.exe
-
Size
165KB
-
MD5
0868d9608bc629bdc8ee88f608ed307b
-
SHA1
7a3f3a5cd72a46277cd0f6e4e4467b901b7f4238
-
SHA256
7f0d201d80f3d5c61c6c3c9c49d4bed8a55a2ca377b007cbb3ae59c94a78ac97
-
SHA512
299476991ef999880bde2f9464f05eb5c05df23bb7baf565c30a1a77f4308d29935b595d8521b5f032ed13634ba04cd3578479e8adc3cbb9177b32f9b609f876
-
SSDEEP
3072:Hsz57rzTsEIBOnM0rcTEkIAdEIGeUoyjcYejLPI4N:Hsz99rTBmlp/jLw4
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-