General
Target: Builder.bat
Size: 5.9MB
Sample: 231118-1b5exsge6z
MD5: 62d7f61e3ced213440635db78ba58cdb
SHA1: 9c0e46879657199654f3bfd4a27e643d0685e7d6
SHA256: c793754f215f952cfa073d77c61015de9705f93304ada3bf1ce704e22e3c81c3
SHA512: 9860cb9866e09b617a6eb45d964b57dd0db9f4b5fb2978c52b59bc869d44eede57408a3a883b3c68934c256684fca87c7a7c2a161f2d38512308eaa82dfff5ec
SSDEEP: 98304:yqEtdFBgvuamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RqBMPcv3lsuf:yRF0eN/FJMIDJf0gsAGK4RquPxuf
Behavioral task: behavioral1
Sample: Builder.exe
Resource: win7-20231020-en
Malware Config
Targets
Target: Builder.bat
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.