General
-
Target
0fb2ff8d76662e331c36e00691d5f982.bin
-
Size
586KB
-
Sample
230816-be5sesga9t
-
MD5
fbc69350edf7859aabc62a977e9196e1
-
SHA1
86d35579dc882664b151e5a10e30e5d27df46fce
-
SHA256
95891e11de8aee3e86658c33914f928c67ad5f5ea73f222c55d026bbbc57ea04
-
SHA512
b4a833e939e6e89e86dfc5b4c7f63ae3a63d9b8ca8db0c61d9c3c8fcfb39243160a4a18a0c8480ac0079f4b211401e7fda2a5bd5664d7b9bb6069e1f76de3068
-
SSDEEP
12288:QpKBmUqbBLKnI2J5bqcgPYt0cDKxYC+T45NSQck6Ycdyv8O3tHO3:QPgI0pTq4AYC+T45NS8iUNO3
Malware Config
Targets
-
-
Target
40c36e5d6cec1bac32779ed8e2e2dceceae01a70115a23d3b3d32e9c56db86b3.exe
-
Size
692KB
-
MD5
0fb2ff8d76662e331c36e00691d5f982
-
SHA1
dd19b432ee218f6a8bb9c944c12cf56c285133cd
-
SHA256
40c36e5d6cec1bac32779ed8e2e2dceceae01a70115a23d3b3d32e9c56db86b3
-
SHA512
b4bfc16644dd07d864a8a7f2a55f0e3d8f12c74f72ba65c4eb8f29be337dd173c432de90f99afd679ce49c52507eddfe27a9c20cddb353caa9d1f1167d3dd3ae
-
SSDEEP
12288:Pyaa4lrr4M3xqb8062XutKTALOitQrmYatFkSS63G7HMfGOT9d+zkubR9+h9:Pyz4lX8+wcLOijaSS627sfzWQu
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-