General
-
Target
605de924ffeeb14ab8113b1f8a2256be.bin
-
Size
596KB
-
Sample
230818-bwjaragb5y
-
MD5
e5d6830071b67877ad222782755ac8df
-
SHA1
e0ddb6b27127497585cf038d7f4544233d8be93f
-
SHA256
d8f3ac11c006434bf5364ef774fc4f5efff91dc2ca8c2348cb639166e4e64c1b
-
SHA512
20760c6416de5fefff5bc1aef2d54248ca2839a53a6a52d223e2287391f2a1bf8df35e7babe13cc5ff2fed6f44b7a100b7602a2d00638832c38b42b54e3d6245
-
SSDEEP
12288:ACIjd1Tj/VWHUoUMc9Rz10a0YuLSVlGaRFIUcWXKY/QB5paKZtj:ACI7TjVWjc9RR0a0YuLSV9Ity3isUtj
Malware Config
Targets
-
-
Target
ccb3e41aff5b7db4edec1584d33f82daee7b1869a25ca6f4283b42a04b897c82.exe
-
Size
619KB
-
MD5
605de924ffeeb14ab8113b1f8a2256be
-
SHA1
780295c3363231f6e7405effe3bf538545e9c3f2
-
SHA256
ccb3e41aff5b7db4edec1584d33f82daee7b1869a25ca6f4283b42a04b897c82
-
SHA512
a2e59055a71baad639d4f423ae8f521e6916dffd7793d4f1b8a07115b66441b697f40dd4e078d22f42b0ee89c03dd8b0cfde8fc64b9182d00958a1390f6d5dd9
-
SSDEEP
12288:K0Dl+C42xjWguvhWP9XkPODlGL4FgNR8D1TdxQ/63qeDnvOAnI:v5V0WhGL0eqpTui2A
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-