General
-
Target
slimelegends.exe
-
Size
68.8MB
-
Sample
230609-vhxqrsde8v
-
MD5
799cedc308a7de0d51f32cde24892d58
-
SHA1
0c3e86d0a93d238be2b7716d5ed4da792f501ea1
-
SHA256
8e1997d64e84819549680dd74aebd604ccdeb82263828590866c6e09c8f42c21
-
SHA512
1da0563e6484f7fb1b3fbe46a55ee55e4e3120e9e50be6d626d95cd2df778a7a9e529c82f99d5919da0a1bbf27e6b70b428596a4ab96f778f6baee07d88f5d28
-
SSDEEP
1572864:ujddGvXxBcDF7EX6JBthhAQaRAVvhHUzqkbeIq6o3Lu0Cym0Ls:SGvXPqF7jHzmQ++Z8qkbeIqz3LueLs
Malware Config
Targets
-
-
Target
slimelegends.exe
-
Size
68.8MB
-
MD5
799cedc308a7de0d51f32cde24892d58
-
SHA1
0c3e86d0a93d238be2b7716d5ed4da792f501ea1
-
SHA256
8e1997d64e84819549680dd74aebd604ccdeb82263828590866c6e09c8f42c21
-
SHA512
1da0563e6484f7fb1b3fbe46a55ee55e4e3120e9e50be6d626d95cd2df778a7a9e529c82f99d5919da0a1bbf27e6b70b428596a4ab96f778f6baee07d88f5d28
-
SSDEEP
1572864:ujddGvXxBcDF7EX6JBthhAQaRAVvhHUzqkbeIq6o3Lu0Cym0Ls:SGvXPqF7jHzmQ++Z8qkbeIqz3LueLs
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-