General
-
Target
SOA 24 August 2023.bat
-
Size
943KB
-
Sample
230825-p65tdsde9y
-
MD5
cd906bc5eaeaec0ab92892fa08e8167f
-
SHA1
af7f8e1839d55bb61ac2b715f657aec63eea7e09
-
SHA256
70249c14b1e622eef7f76f457250cb280f7f6a1e76b76510b5158821d00ea47a
-
SHA512
c0a800f9a02b331a410793dd3de3f851478aacc5507b729e2282e57f0bb8ef80c0a136b580788461544782879ea0ef68f3103706beb45f98e4622793bd3b149c
-
SSDEEP
24576:Pe+BQLGhXLwTYqsMsAmMTqBx117pMItUOM0p6d:hzc411mEUGUd
Malware Config
Targets
-
-
Target
SOA 24 August 2023.bat
-
Size
943KB
-
MD5
cd906bc5eaeaec0ab92892fa08e8167f
-
SHA1
af7f8e1839d55bb61ac2b715f657aec63eea7e09
-
SHA256
70249c14b1e622eef7f76f457250cb280f7f6a1e76b76510b5158821d00ea47a
-
SHA512
c0a800f9a02b331a410793dd3de3f851478aacc5507b729e2282e57f0bb8ef80c0a136b580788461544782879ea0ef68f3103706beb45f98e4622793bd3b149c
-
SSDEEP
24576:Pe+BQLGhXLwTYqsMsAmMTqBx117pMItUOM0p6d:hzc411mEUGUd
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-