General
-
Target
68d35e54dfeed830ec119b78f61af992
-
Size
4.3MB
-
Sample
231219-vxhkdsfad4
-
MD5
68d35e54dfeed830ec119b78f61af992
-
SHA1
49baa8c0081ae25e05fa9f6d27f4e84c4773a77a
-
SHA256
f0a1ec7d501bcdb83c63b84d3ec1fd7ffb90e78a31ffeda9182c34e1d7eee543
-
SHA512
c7e41b7095c47b23a380cbb9da3d2513102f2081cb4a1ae5d87aba5866005286f90f01d04ad1ca8986a743623c72aa87378c06c505057c5bbf77ba0549977d8c
-
SSDEEP
98304:a7YLLWh9a/w4MeWSuoQyK5G+SwSXJezFasO8lBJ3FRsFR:a7YWhsIrSuuIG+EZE/lBJ3O
Malware Config
Extracted
44caliber
https://discordapp.com/api/webhooks/893128410019278858/tGGLgbbsDNDE6jU3LWQhmeL1LvsML2n__m8nmjbo9A045JghDyW6wHwGbWb3FIuxh5Fb
Targets
-
-
Target
68d35e54dfeed830ec119b78f61af992
-
Size
4.3MB
-
MD5
68d35e54dfeed830ec119b78f61af992
-
SHA1
49baa8c0081ae25e05fa9f6d27f4e84c4773a77a
-
SHA256
f0a1ec7d501bcdb83c63b84d3ec1fd7ffb90e78a31ffeda9182c34e1d7eee543
-
SHA512
c7e41b7095c47b23a380cbb9da3d2513102f2081cb4a1ae5d87aba5866005286f90f01d04ad1ca8986a743623c72aa87378c06c505057c5bbf77ba0549977d8c
-
SSDEEP
98304:a7YLLWh9a/w4MeWSuoQyK5G+SwSXJezFasO8lBJ3FRsFR:a7YWhsIrSuuIG+EZE/lBJ3O
Score10/10-
44Caliber
An open source infostealer written in C#.
-
BlackGuard
Infostealer first seen in Late 2021.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-