eb27462314e5f51db09422b1f9cd537ad9731857ff84ff57ce9aa4c7cfb269e9

General

Target

3de318ebeb6a966aadbe919c29e90c36
Size

124KB
Sample

240101-zxxrjadce4
MD5

3de318ebeb6a966aadbe919c29e90c36
SHA1

a12a02c2f0698548f5c082d98c40b2ae75342ca1
SHA256

eb27462314e5f51db09422b1f9cd537ad9731857ff84ff57ce9aa4c7cfb269e9
SHA512

572a7cf31a8c1d75d07fc861ba2b910dc289366b00039e3c32e4c5be1ed0888ecf5047377c703148cd6522d75fd7da39e73f7937934e9cda99927db7dee9f0fa
SSDEEP

3072:DUIYXjOMy/7+rzJ/8Xvd6ttJkNwPfVR/tAjui5P9Dcwnna:GjU+UFmtJk+//t+nna

Score

7^/10

Malware Config

Targets

- Target
  
  772d76cd6cbaaf6e4878c2e6c14917f5.vir
- Size
  
  144KB
- MD5
  
  772d76cd6cbaaf6e4878c2e6c14917f5
- SHA1
  
  b8ed51d346c5b754848e36880a816039c9e875aa
- SHA256
  
  8d11d6895b8d24ddb79d2c68d5938abb5dceb75beab5c2f0f5a0f967875e9ad2
- SHA512
  
  d39b9fff1805d46f282ab38eb2a0eaad119ad201cf30145aa658502658cdf66159b12d70e3483d1cb8982e9f4ec9c333e142f9918bd44c589cf4b9707302aab5
- SSDEEP
  
  3072:UDa5T5E6lWPFUJbkwcp8TB/I6gM0hUq+GlCZVtcFeql37Ky:eMT7lW9UJgwyb6TXVtceQ37
Score

7^/10

collection evasion persistence spyware stealer trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2