General
-
Target
Payment.zip
-
Size
469KB
-
Sample
230802-hz84xaed8v
-
MD5
c09f8c374508290a9bc26f876e157e26
-
SHA1
8ca7af0ebe2925e4c0b991913900497cd77cb3be
-
SHA256
d0f088ccb3700e2816db311fcc17cd06a9170d9d1d5f81479121f758e222f02f
-
SHA512
0ad88e4c14211b3b9dc2dedddb63e2963f641bfceb775aa1c50c691c50dfb6606c01877b247b8d6b8acf7b8805b6ae125c69849477d84fe59f5a98c5ce72b772
-
SSDEEP
12288:RW32ZtjEAHroFfxwPOB391oKrcWBz+v4Ff1f4bDx:RLZpxHcFfH3EKrjd68f16Dx
Malware Config
Targets
-
-
Target
Payment.exe
-
Size
789KB
-
MD5
560dc3a8bd46150714835484660cb12f
-
SHA1
90a571658ff653295a90a1c59e9bf1e0f2f12a7d
-
SHA256
9ec26251cd3ecfd1b63b02ff4b70961724f9aa4ee2fc1390de80bab52286f586
-
SHA512
f8d5426d41eb6f1062f8b8866e9e57911a0a8128fbaf2fddc7acf20ade58baf3d648557bdf4d10ff2a8964f1c0adc411e01ef7cf8ec4283b1e985b0f77a7d226
-
SSDEEP
24576:1ayAz0prVGFtbfsQ5JrpppNpppppoOQpppNpppppoO:ZE0pZGTIQ5JaO7O
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-