General
-
Target
tmp
-
Size
237KB
-
Sample
240211-yj8q7sba2v
-
MD5
515fad2ad656dfad25a22120a0239a93
-
SHA1
027d417e822759bb1f34cd6ad3f2dbe4012a539b
-
SHA256
e835226fddc4014bcb5124e743e366facd023bdec0a0ce169fd0f1e3a6653cb4
-
SHA512
26aa91022c3c386ba0e3a56cca2de501dbd5661e54b3af452ecaa6fd75b5df44afc0f6609e0a908624b51ddce22740dbb9b4fe285458418577ffe620feb6af19
-
SSDEEP
3072:DnmbRMPaskeZDYcqmsJ8JNuDRrIk/h54MBth61vZ4JTOXMzxA5HHWpW:OBIYnmlJNwp5482xaSzHW
Malware Config
Targets
-
-
Target
tmp
-
Size
237KB
-
MD5
515fad2ad656dfad25a22120a0239a93
-
SHA1
027d417e822759bb1f34cd6ad3f2dbe4012a539b
-
SHA256
e835226fddc4014bcb5124e743e366facd023bdec0a0ce169fd0f1e3a6653cb4
-
SHA512
26aa91022c3c386ba0e3a56cca2de501dbd5661e54b3af452ecaa6fd75b5df44afc0f6609e0a908624b51ddce22740dbb9b4fe285458418577ffe620feb6af19
-
SSDEEP
3072:DnmbRMPaskeZDYcqmsJ8JNuDRrIk/h54MBth61vZ4JTOXMzxA5HHWpW:OBIYnmlJNwp5482xaSzHW
Score8/10-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-