General
-
Target
DHL Documentos de Envio Originales.exe
-
Size
542KB
-
Sample
230131-sdechsgg84
-
MD5
1cce91c32aa41200d5e1b635d7821f9e
-
SHA1
c1e800c42990352ecf452507da6ec0ebd9ccea72
-
SHA256
907b52c6e9a4b8fd598266e523ddd1dc11b7e2a9cf7898b896d7039f8b45dda4
-
SHA512
8658f3b290c919b2b849034c9800c14540f89d250b5fcbd549cfd76dfc668c2013fd62e4fed6d742465c5a1b7b0ae23e97f1e21ade99c38e37008a46254e495d
-
SSDEEP
12288:AiXgM6dnn8qTvA/hlzx9X3FXUQUqGFr8z9i7+pv1CWtO:rXJe1DmXzvVXU4GFr8zw6R0h
Malware Config
Targets
-
-
Target
DHL Documentos de Envio Originales.exe
-
Size
542KB
-
MD5
1cce91c32aa41200d5e1b635d7821f9e
-
SHA1
c1e800c42990352ecf452507da6ec0ebd9ccea72
-
SHA256
907b52c6e9a4b8fd598266e523ddd1dc11b7e2a9cf7898b896d7039f8b45dda4
-
SHA512
8658f3b290c919b2b849034c9800c14540f89d250b5fcbd549cfd76dfc668c2013fd62e4fed6d742465c5a1b7b0ae23e97f1e21ade99c38e37008a46254e495d
-
SSDEEP
12288:AiXgM6dnn8qTvA/hlzx9X3FXUQUqGFr8z9i7+pv1CWtO:rXJe1DmXzvVXU4GFr8zw6R0h
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-