General
-
Target
208b0ac0027164a7feebd1bb4c9db90d27b7019ab6b49fe546a331e43cbe39c9
-
Size
613KB
-
Sample
230816-j6gtnsgh66
-
MD5
d8be0f2049b7937530a1694fe58763b8
-
SHA1
2bc0566d2aad4c19f9cd5b9fa2634dbaaea8602b
-
SHA256
208b0ac0027164a7feebd1bb4c9db90d27b7019ab6b49fe546a331e43cbe39c9
-
SHA512
98911d9b00e21a6e7f96caa1a2f9b6748d01bdd8a817b32c6028dfc660760b73d18188c9fc1d05a16755733575ac70670c0beb12d7f51a28c3f5149c539377e1
-
SSDEEP
12288:BkyFr6ogXgT32XcgRUXxfrHidQV4PaVCguYpY06k8R:BCPXmxjHi2MiFXW
Malware Config
Targets
-
-
Target
PO--080523-FM 06.exe
-
Size
780KB
-
MD5
ef9872c017473716478f16036dcc09a8
-
SHA1
51d443812ec2c0185fa7c9eb50643e95a2889f14
-
SHA256
6f4954a23f51c48f450992f809848da3a8bb5c1d7c4bc262332fa2507f1a1cc9
-
SHA512
70e5638f7e9682298fae323439bc43a4835c427a0999c2c42eb4ee5de40bebebd55a188e0e3730dff937d51706bc374ed7586b0a09c78bf7307860708ea45f2d
-
SSDEEP
12288:9XmYUJhz9u9GaG1/rVVPqUXvfrHMdQV4PKuyu+ZjF5oqt+yCXAV:IJu9tq/rbPpvjHM2MO9ZjF5oqotXAV
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-