General
-
Target
54cadbba8f030dc4295f40588afff347.exe
-
Size
314KB
-
Sample
240222-erxt5abd7x
-
MD5
54cadbba8f030dc4295f40588afff347
-
SHA1
39cd61767b54f8eef0436b5f29cec29dde204973
-
SHA256
91f1fa09f81ce6890d0aae6f15877a3784a0da0e1b68781aa33372adbc378030
-
SHA512
f321e41bb2827b2fa9bf479f8ea1625e5cca3961a639d06bbfedd934151dff0d07bddf1dc2c705ea02986cf2d243984523dbfab5a70ff160decf541031bd4bcd
-
SSDEEP
3072:efDoNtU2TQM2S5XCnTT5vEl1nFBmh/IZgs9p5p1nmzLa2fffffKfND:nfU2Tl2SWdmzWwZjtLfl
Malware Config
Targets
-
-
Target
54cadbba8f030dc4295f40588afff347.exe
-
Size
314KB
-
MD5
54cadbba8f030dc4295f40588afff347
-
SHA1
39cd61767b54f8eef0436b5f29cec29dde204973
-
SHA256
91f1fa09f81ce6890d0aae6f15877a3784a0da0e1b68781aa33372adbc378030
-
SHA512
f321e41bb2827b2fa9bf479f8ea1625e5cca3961a639d06bbfedd934151dff0d07bddf1dc2c705ea02986cf2d243984523dbfab5a70ff160decf541031bd4bcd
-
SSDEEP
3072:efDoNtU2TQM2S5XCnTT5vEl1nFBmh/IZgs9p5p1nmzLa2fffffKfND:nfU2Tl2SWdmzWwZjtLfl
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-