General
-
Target
Sorlion.zip
-
Size
13.9MB
-
Sample
240115-r4tz8aaff4
-
MD5
e41ae8ca818f14e2927f8aff15025244
-
SHA1
d6d7bfde7206f14e9fe0937ac0758bffed74178d
-
SHA256
6999449c4c0d05e5610cdbc8e15ed3ba1c1fc877ebd16069532fbcdd8caa5bf1
-
SHA512
a30ba9a0a2003688405f7d856cd4224f3f1377b7349745f4749ccd913969c7a38bfce76cadfbae3bd4f6c0e30ffcc87c0b4106a6bb7e9277adef1179b169ba4b
-
SSDEEP
393216:rcYfaLqsnUrMh1eXAKW059kVqIiNKVIzcFN7a:rDGqch1ec0H+iNKVIMN7a
Malware Config
Targets
-
-
Target
Sorlion/Sorlion.exe
-
Size
14.1MB
-
MD5
ad92593a8c54e5a9aad26324ecafb592
-
SHA1
2f377421b52861095a14a6765e21a229844865e3
-
SHA256
aba06dac1605dbce2968118621c1689e13e01106edea5431ebda785eb07aaddd
-
SHA512
622fcc50accbb9fefca4a6db93dc8b7e07697b7e63dcdc8e7ab7fc9aa178d1450a70dcfd743671060d1714c15b658a5601a2fda2c2a5e2b8c149a85525975bf8
-
SSDEEP
393216:tOX7QN/5P9bCEDVL2ciIrHW4PtCkeHCn6:tOLQNCEDV4ILztCkei6
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Creal.pyc
-
Size
29KB
-
MD5
9f07eccdcd81e526f2913a25d75c693d
-
SHA1
6ab0d29436542984c0b390df45f83286934b422a
-
SHA256
9f758e2b5bb853aca00f582df99c41cdfc55702f339bdd147d6341ce324ae7d7
-
SHA512
36ed587d4525ee95ffafabfb2c52c6a9f5ceca959baf1024d7393c272fdc2d8805d3bdcf35d25213f8b9ff88e294526c263a36eb69ed49b8ade1a9805ec251b2
-
SSDEEP
768:+trcnrqcCuKa/IdcxVETeAFpK5Dha4tWcpuKGPCg:GSrAO/J2vY5DAVy587
Score3/10 -