General
-
Target
7ca564db1d81450ef71b1ab246926787
-
Size
122KB
-
Sample
240128-kfcmpsgghn
-
MD5
7ca564db1d81450ef71b1ab246926787
-
SHA1
b401937ff93850477f6907d4e3d9d8cf697c37c2
-
SHA256
59cc475eab98ccd7fc2daae7a9468115c7b6e40323db18f7ec318868fa332ec6
-
SHA512
d262537588a41b838e0970aeeebd6f4aacfa9b2dda1b38525b59a5401e2454cfba18b7782ff5a44e166b3eeaa9282a2f1a35bcfc149c8cb7de16154033f4093e
-
SSDEEP
3072:fvlt0WaxhGV+6dT9qfMaWfpCqrLJJqG2:XlgxUVt9qUaWfpjUG
Malware Config
Targets
-
-
Target
7ca564db1d81450ef71b1ab246926787
-
Size
122KB
-
MD5
7ca564db1d81450ef71b1ab246926787
-
SHA1
b401937ff93850477f6907d4e3d9d8cf697c37c2
-
SHA256
59cc475eab98ccd7fc2daae7a9468115c7b6e40323db18f7ec318868fa332ec6
-
SHA512
d262537588a41b838e0970aeeebd6f4aacfa9b2dda1b38525b59a5401e2454cfba18b7782ff5a44e166b3eeaa9282a2f1a35bcfc149c8cb7de16154033f4093e
-
SSDEEP
3072:fvlt0WaxhGV+6dT9qfMaWfpCqrLJJqG2:XlgxUVt9qUaWfpjUG
Score9/10-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-