General
- Target: release.exe
- Size: 69.1MB
- Sample: 230627-qvlrtaeb96
- MD5: 416f464d090adca1d0ad6059ff561f98
- SHA1: f81fc4aca84bcef15d45035d900c3f1138708074
- SHA256: 7ba8b762a43e9f6d4c7d6c15a54106fe0c18c0a3783a47933433b0c6325ec340
- SHA512: ff2921a4cd268fc83851356154177bf27acdf740681b75844446630b2b5df6b63ab8942874eaa72afbf0f3c5f88a50437d7de857523e1c5b9a935823de161687
- SSDEEP: 1572864:hjddGv8WaIbC90Jp/JBfGJVZMIvP7NSZAauAgRdwIE1caoCyM0Lz:xGv8Wa390J9Hfa1LNSuaXgY5uLz
Static task: static1
Behavioral task: behavioral1
- Sample: release.exe
- Resource: win7-20230621-en
Malware Config
Targets
- Target: release.exe
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.