General
-
Target
Satın Alma Sorgulama PDF (1).tgz
-
Size
777KB
-
Sample
231012-jmg1bsgh44
-
MD5
78c3556ad9f0efb8cbf598f968d3e892
-
SHA1
4c5cf383eae0a035e6edb23be2078b4fc9f956a1
-
SHA256
515090feda9b4dd48ba138d32e1deee6c229cbfe7dd75671b92cdcf1549fcc28
-
SHA512
26aea4a66f58b7f1260177cf948805e3dd4bd29c84d37af7334a4a71fb4a9220e1049d6718686514db945ed30dc21a54386674e70581a5e253ba968861b04299
-
SSDEEP
3072:rCDybAeyVNydGMlkaq7ncF7ta9IkX+VBF7n+JZE:rmyb2koMM7cJtAIxBF7n+DE
Malware Config
Targets
-
-
Target
Xmmup.exe
-
Size
667.6MB
-
MD5
2b7bb4a6c13415893feb730b6b9f5f8e
-
SHA1
551120e3f5b69f6a747612b70c307986cf8486fe
-
SHA256
09161388605a5acb243e6eb9fb3381b838b3c2d83fe5639e22846d2bdd3b9a1b
-
SHA512
120183f2d8f37c026cff54b74244f544b053c2c8546a909e7d6ce50f370d7f8b8517a11993006c3929fcaa1a1fc14d6ef2be774c312902416c332b74c7080d6b
-
SSDEEP
6144:RoIFX46LLGxpbhrzFGQNmzW/7WLUSxnVsNU04vNyY9nSEnXXCzEe2Ou1oPPy1FH1:RzmwwHkKD
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-