General
Target: vn.cmd
Size: 1KB
Sample: 230821-lwb7jsdh7w
MD5: 499f55b966d61f29f74befddef15c996
SHA1: ba12333bdd7ccf52b6c4b41c6bb83bbddcf68ddf
SHA256: 63e8b5d09367fe20e502390f79e23207695666d2b2ceadf93aae4284b041bb9e
SHA512: 70bc92cc61eeefafe9332c5cc11c277a74caaf9a9ddab8c5398df7a67ec09eba30eb0362c9c5c50792927ba5e511f142bd2967a73a9cbcef722521d2310405f7
Static task: static1
Behavioral task: behavioral1
Sample: vn.cmd
Resource: win7-20230712-en
Malware Config
Targets
- Blocklisted process makes network request
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.