General
-
Target
708415278200.exe
-
Size
1.0MB
-
Sample
230808-qf3f1sec61
-
MD5
158748c68c6020ea891efa8286390152
-
SHA1
07a4eedeccca3144728289594780ce483a6349a4
-
SHA256
1e1ff24f4fb7e44eb28295debcc6a6ea5015361253d18a90daeecbb1bd2afa34
-
SHA512
ac8d4796acb776a0f38d191cbf48ac3cdcb55457153daaa9911fd8efdb5aff0b9c6da2d6b5065905a8ca12d961b36d0dadfb6b853f2795ecd6bdea123b2b453c
-
SSDEEP
24576:11I1R1I1nRs6CE3jLMpppdpppppUO9Rs6CE3jLMpppdpppppUOLOgu0V5dGclWzD:1GvGRRs6CE3jLbO9Rs6CE3jLbORu0Pdo
Malware Config
Targets
-
-
Target
708415278200.exe
-
Size
1.0MB
-
MD5
158748c68c6020ea891efa8286390152
-
SHA1
07a4eedeccca3144728289594780ce483a6349a4
-
SHA256
1e1ff24f4fb7e44eb28295debcc6a6ea5015361253d18a90daeecbb1bd2afa34
-
SHA512
ac8d4796acb776a0f38d191cbf48ac3cdcb55457153daaa9911fd8efdb5aff0b9c6da2d6b5065905a8ca12d961b36d0dadfb6b853f2795ecd6bdea123b2b453c
-
SSDEEP
24576:11I1R1I1nRs6CE3jLMpppdpppppUO9Rs6CE3jLMpppdpppppUOLOgu0V5dGclWzD:1GvGRRs6CE3jLbO9Rs6CE3jLbORu0Pdo
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-