Extracted

• • Target

    424879b9429fcf6cf0fe3c8b2cb5670e689497cc4bbb1ea9115585dc6e931ac3

  • Size

    2.2MB

  • MD5

    56d79c2e80c07da469b2e00bcf381659

  • SHA1

    6457303dbff935177216468ae22d865d2706797e

  • SHA256

    424879b9429fcf6cf0fe3c8b2cb5670e689497cc4bbb1ea9115585dc6e931ac3

  • SHA512

    f9936a1abfb21970b516fe220c11995e20ffee469b28986585dd03d7ee20879a673d4b81727f10314069a80d523e5f21cd7ac77ab3c4164abe0722f1b8ebd68e

  • SSDEEP

    24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABt3:PBozBdhEV7q8bOQnIFWY+3Je0wf

  Score

  7^/10

  discoveryspywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1