General
-
Target
PlanetsTherapy.rar
-
Size
69.6MB
-
Sample
231029-2h5vpshf6v
-
MD5
8f4c3e1f1cbf9aee5d3cdaeac297d48a
-
SHA1
3e8ea96bf5ecd850dba6803bcd84a83b0f4ded67
-
SHA256
44e3a3d176c7751efbaf1b153a0be7e54a25fd6ab2179a5d518b907a7042371e
-
SHA512
117671d7a00b944d6c261fcbcdb61bb7f32f01424c2a5a97d46090c8624e09ebcb4f91c6f8f6bce0a22edae6a67ae5d778d37eb821ef5a221ca73dbf4ca82e3c
-
SSDEEP
1572864:uKGJXB5ZcK0YVKZqjWaZ1xvwKBkiYcdo9lja4kXaMiG+B:yJXB5ZcVAKZqjWaZISFYRXajXiG+B
Malware Config
Targets
-
-
Target
PlanetsTherapy.exe
-
Size
69.5MB
-
MD5
475344ae7dbd54b24861fc8ad9eaf319
-
SHA1
8a2457572cb4dd3ff9dc5eb194c78efa86e71860
-
SHA256
80499e0fcddb1f78cafdb48d178ed8bc75b4bbe4698afd1a0bdce1332242329a
-
SHA512
9c8da6c946b6fe7452d3ea79b5ac19f36fa7f948531e9c0cb36f2e9290f22b2b83b5b73b536493f8fb7ca23e1144449e4a56378b09b1835e19b92a29dad0b67e
-
SSDEEP
1572864:N05kJopxP7+/3yfYHleQcTe/FEd67As/phgX4dYdDt9QxFqVqs:NMpxTAQYHEQcTeOd60sh89QxFqYs
Score7/10-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-