General
-
Target
e596553296fa9c52d6c8284782e918693891dbf2
-
Size
724KB
-
Sample
230201-p9qhwadc67
-
MD5
ddd0b286e3d2e192bec5beae7c9222a3
-
SHA1
e596553296fa9c52d6c8284782e918693891dbf2
-
SHA256
8c61d194e68c94fcc2c577a5d61a697698c7aba068807c648e17ac4b93351dc2
-
SHA512
d1d7a6e95d62805a6071084cd5706d89b5956b19b3de2b1a9b5f5b03df1a6ed68422ec275f1a51328be63717459670334393c77fcef6d1e33260973545593859
-
SSDEEP
12288:S2T40+w0DtzsROLdrClNDndaIuxAe/CE1OOGOO/OOR8ljwXcd7wJErzqQt26VJYt:4zsYxcNDndNuxAe/CEUSKIiWOjHgiATk
Malware Config
Extracted
Protocol: smtp- Host:
mail.unrc.ir - Port:
587 - Username:
[email protected] - Password:
Basiri@1334
Targets
-
-
Target
e596553296fa9c52d6c8284782e918693891dbf2
-
Size
724KB
-
MD5
ddd0b286e3d2e192bec5beae7c9222a3
-
SHA1
e596553296fa9c52d6c8284782e918693891dbf2
-
SHA256
8c61d194e68c94fcc2c577a5d61a697698c7aba068807c648e17ac4b93351dc2
-
SHA512
d1d7a6e95d62805a6071084cd5706d89b5956b19b3de2b1a9b5f5b03df1a6ed68422ec275f1a51328be63717459670334393c77fcef6d1e33260973545593859
-
SSDEEP
12288:S2T40+w0DtzsROLdrClNDndaIuxAe/CE1OOGOO/OOR8ljwXcd7wJErzqQt26VJYt:4zsYxcNDndNuxAe/CEUSKIiWOjHgiATk
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-