General
-
Target
ACCOUNTING STATEMENT.zip
-
Size
536KB
-
Sample
230816-h11h6aad9t
-
MD5
c7c60aa159e7f977818395b5bc252248
-
SHA1
de780a5d88c0a7e571f6e48eb92673c2b20aa406
-
SHA256
938414723da0fea48ee1407cfd12c674dd3a397659e6ffb84fcaccb5e46d74c4
-
SHA512
f18cb0d8212023bd44a16893577944de2697f5f329de206b304cefbe580bf5c920c46c59d50925a5cd2f05559252d4579cacbb8847f86184b2cb86af0d8c2e7c
-
SSDEEP
12288:HzHuNswEOOOgaBleyjv+4Apqy3fiZfrgDbM:TOahOgSQsSfEcDbM
Malware Config
Targets
-
-
Target
ACCOUNTING STATEMENT.exe
-
Size
882KB
-
MD5
752f2c3589148fc83a4d602e4670faec
-
SHA1
84ae1cc5b764c406989a02818b3b33eba32359ec
-
SHA256
a5299852cbd114f85d0ef4a8605caf998214014e89348d7af5d9df0c096a8863
-
SHA512
e57d51d79b7130d745e7b752f30c1b4de07aaf009ad8325652e652711cb7b0760a75c26551dc266e300b5a29d982f3c588e0773d8205a9af82f17e7d2fb39794
-
SSDEEP
24576:M1YYRs6CE3jLMpppdpppppUO9Rs6CE3jLMpppdpppppUOIOguc02ZccLbB:KZRs6CE3jLbO9Rs6CE3jLbOQub2HPB
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-