Extracted

• • Target

    toba22bbc.exe

  • Size

    977KB

  • MD5

    13348cb1966e434e5cb63b82e42291b7

  • SHA1

    0c8c616bbdf2b7996358142af6a6ba886fc2b2a9

  • SHA256

    edcf7182460deb84c07d79968ebb518cc9c8611148a4eb0e1e37b78ff175f275

  • SHA512

    0c9f23bd9e17dad82ae5a634ac92f252e522f76de693e82210449bcb08e6038880a8a4a028632cd74764d2778f141d0cfd39754ee06348007e1b90968654643b

  • SSDEEP

    24576:8FUrdbfahvepYoeyAmzhocZn+M+WGDBGkV:8Yb1bPhoCnD+WGIkV

  Score

  10^/10

  collectionspywarestealer

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2