General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.19137.8960.exe
-
Size
733KB
-
Sample
230818-d1w4hsfb59
-
MD5
497bdf94667612340a526258dec87d30
-
SHA1
19a63a52f4d79d53ad78ab8651585d7a9d31c103
-
SHA256
4c15743287e80d5077f5bbd94c767bc734f1392abc330bb25d447b535efdae24
-
SHA512
d0d5e58dbfc5ac2cbdf12e07df666361f31ad6c04f147c31f67d02a674b26dac4939c69b72d3da0083cfcb13e4cf6ca59a536eb3ed37ff2f34ec398f75b35acd
-
SSDEEP
12288:oG7Q23/gPrk6A3/r6w64iX2qRozna3ZbmroVXEKgEETpdgMNpv4hckDcWO1jXSV3:Zbwrk6gOmE2qRoznImroVXEKHETpSMv0
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.19137.8960.exe
-
Size
733KB
-
MD5
497bdf94667612340a526258dec87d30
-
SHA1
19a63a52f4d79d53ad78ab8651585d7a9d31c103
-
SHA256
4c15743287e80d5077f5bbd94c767bc734f1392abc330bb25d447b535efdae24
-
SHA512
d0d5e58dbfc5ac2cbdf12e07df666361f31ad6c04f147c31f67d02a674b26dac4939c69b72d3da0083cfcb13e4cf6ca59a536eb3ed37ff2f34ec398f75b35acd
-
SSDEEP
12288:oG7Q23/gPrk6A3/r6w64iX2qRozna3ZbmroVXEKgEETpdgMNpv4hckDcWO1jXSV3:Zbwrk6gOmE2qRoznImroVXEKHETpSMv0
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-