General
-
Target
ef02fb4f649d5e2eb998a2874cae6c62.bin
-
Size
622KB
-
Sample
231008-c58sfahf5y
-
MD5
0fc38d3489f7425b666f06c676003345
-
SHA1
8d114be6a85fd6f1ae7a155caa5202a2b1fbeeb1
-
SHA256
37b4747d30017cb76c49350b9b961a3119752ef347df00fbdf6428f8289eda1b
-
SHA512
b49f8baf8319b6bec965431373d9c28b3e6f3eb5509c4d426ee01695fe284f8d2ffe54a2ce05a65d936c421ebf2e9ebd39bbf216fc3ccef783a4237c0645dc11
-
SSDEEP
12288:prdrOHM+/ptmwmfyw/WKpufcAwsFPq/A9bMvxBXijpVpg9slkogKYC0:vQrcwcyUWKipdSAyxBX6V+6QKYf
Malware Config
Extracted
Protocol: smtp- Host:
premium89.web-hosting.com - Port:
587 - Username:
[email protected] - Password:
pounds123@@@
Targets
-
-
Target
4fa066bf81e73be8c55139382fba7c7c33fbf12d2a28a6d8d55e09f8b430190b.exe
-
Size
672KB
-
MD5
ef02fb4f649d5e2eb998a2874cae6c62
-
SHA1
7d31f87a699cf019d0d83b79520e4f14320e0918
-
SHA256
4fa066bf81e73be8c55139382fba7c7c33fbf12d2a28a6d8d55e09f8b430190b
-
SHA512
383b0026abb4cc6186e06fced24e86f3237e5186896c17ce5c6f9eccae3db0d71062cc7bab4111299fbf4df2928dfc494bc144eb87b8ceb29f6afbfd293c1608
-
SSDEEP
12288:miz7s9zVTOMjwGEK21xIwPgkVssbDpBCAJfKC55QJ+TjBA9wjhrDtIu5jwqZ:miz7s9zpOywGN21+wmIDiAhVTjBKwjxB
Score10/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-