General
- Target: PolyCode.exe
- Size: 20.4MB
- Sample: 231012-m1p5msge55
- MD5: 8146fca1182d7f5d8e38ffd5c5c46d55
- SHA1: 46bc35a68538f83d5b91a46c5ea27149a811e8eb
- SHA256: deae936c8c8e6deb9af3e7a63102ba3a4452fbfb6ba0a66f9b3d738d1666adba
- SHA512: 47319feac5b341b39c32425c3238aa0cebe77cc6d6d0882527e246d05e11f121af75c39169cb9c48c8e193992ad770ea2426a4c430cdd9554d81c4918c8d014e
- SSDEEP: 393216:OwY2pMr7M5li8DfDu/m3pKMpfaMPjRMR8atzdKJd/Z:OwY2g7M5l3biKKuf9Pj6Rnq
Behavioral task
- Task: behavioral1
- Sample: PolyCode.exe
- Resource: win7-20230831-en
Malware Config

Targets
Signatures
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.