General
- Target: Microsoft.exe
- Size: 14.4MB
- Sample: 231126-rlccfshh6t
- MD5: 7972e58136565bce42d9762851db95d2
- SHA1: 641c9500136a2d4490c540f4dd3d7c0ca99cdee1
- SHA256: b39f0698f85138c54653eb109111fb37a915f6b752e4a4117f780153ab819045
- SHA512: 5b87168714bcf5de206f7736406ea4d1e0fe178adbf8a10804b4a06ddef3e534908bdb135e9e4425e5d7383d87a3711057f689dfad7c23f46727138938022e0b
- SSDEEP: 393216:GiIE7YoPQ5dQuslSq99oWOv+9fgfj0Tm+Nmw:H7rPQ5dQuSDorvSYfjr+V
Behavioral task
- behavioral1
- Sample: Microsoft.exe
- Resource: win7-20231020-en

Malware Config

Targets
- Target: Microsoft.exe
- Size: 14.4MB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above

Signatures
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.