General
-
Target
93bc99905620661f100da9d687f3595976bab1fe19525c02ec25fc2599a0d418_JC.exe
-
Size
663KB
-
Sample
231010-wljhzshc45
-
MD5
6936e6c770ba9348a73df1515fde7f99
-
SHA1
7b42bc73b248c4f33a4bbe889577d28ac7e2b6f4
-
SHA256
93bc99905620661f100da9d687f3595976bab1fe19525c02ec25fc2599a0d418
-
SHA512
768ab6d17726741efc466d9b6c926fd3cc17aee8bab4df2b86358abeaea4565ebf7b6abf28ba02f362ff2eb2377fd78c5ab3d13fe373beb3b095b4bd393b37df
-
SSDEEP
12288:9R0mAxik5FyfxBeuXDDx+Y1Vd9ZBtYdyqJNMZu7s9TO:9amAEfxBeYDN+YfZBRqzP7s9TO
Malware Config
Extracted
Protocol: smtp- Host:
mail.nutrigefar.com - Port:
587 - Username:
[email protected] - Password:
UZXq+(D!ZA)M
Targets
-
-
Target
93bc99905620661f100da9d687f3595976bab1fe19525c02ec25fc2599a0d418_JC.exe
-
Size
663KB
-
MD5
6936e6c770ba9348a73df1515fde7f99
-
SHA1
7b42bc73b248c4f33a4bbe889577d28ac7e2b6f4
-
SHA256
93bc99905620661f100da9d687f3595976bab1fe19525c02ec25fc2599a0d418
-
SHA512
768ab6d17726741efc466d9b6c926fd3cc17aee8bab4df2b86358abeaea4565ebf7b6abf28ba02f362ff2eb2377fd78c5ab3d13fe373beb3b095b4bd393b37df
-
SSDEEP
12288:9R0mAxik5FyfxBeuXDDx+Y1Vd9ZBtYdyqJNMZu7s9TO:9amAEfxBeYDN+YfZBRqzP7s9TO
Score10/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-