General
-
Target
29304a9db113f249f6a24f0671b2656a3693287c70af4266c9082abf4139f8b4_JC.zip
-
Size
545KB
-
Sample
230818-raecnsac38
-
MD5
a200e6e91dbde3bbf1e48b7e98475a1c
-
SHA1
f54e162c53c457c568b0e36a554c5d8e6ba82814
-
SHA256
29304a9db113f249f6a24f0671b2656a3693287c70af4266c9082abf4139f8b4
-
SHA512
cc10dac15b9abb7db00e645de94fe2d89cd435c040d5788958812cc78c3d0b83b7c55b13a73ef9257750c5492d03c50453cf6c9dd09ef2b5514090a93629f7dc
-
SSDEEP
12288:8v/fhme3RaJfMmOgaFBektBmgmakdKIe49e5uZU7Uq53ixu4Hb7rf6Zc:8v/Jm1DOgkjkfc1Me5yk+7rfMc
Malware Config
Targets
-
-
Target
JUNE-JULY SOA 2023.exe
-
Size
914KB
-
MD5
382900b91b892429fda5b03e198b5ed9
-
SHA1
64e1b587318ab70dc2ec46fc968cbb5bcf84c606
-
SHA256
ef5087af3afc45066f1481f147c17a071bf985d8390c9770c07949101bbf239b
-
SHA512
fd7672ec267c9e92fe50fae746a8ea6eebfa21ded1dc61999bc8f4e874685502523a8d363e1456499833c522c66a4ac1fb00af9dabc02b84ede252f9239ce6c1
-
SSDEEP
24576:juUYxtHt2PfRs6CE3jLMpppdpppppUO9Rs6CE3jLMpppdpppppUODOgufMnuZs4b:juUYxtHt2PfRs6CE3jLbO9Rs6CE3jLbm
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-