General
-
Target
Built(vm).exe
-
Size
7.3MB
-
Sample
240223-rb4zqabf9s
-
MD5
42f725c808fd2e3dbfbc7ef87c13d4ee
-
SHA1
f4ab4e4481b1e17009186c79643ba04f4f4c6332
-
SHA256
cd4a3a88c82594a17a79dbc3db61216d29724ceb1cdd1420b1ee0cc47abcfff7
-
SHA512
8753ffb0c672c3cb966322aad1ea88e4e1c571ea45a4280eb75ad497b611a221c40b9ab1094cf3883649170eba3c08ac8970ec8c5335e5a8ee8bec988f2c4045
-
SSDEEP
196608:whYS6wsOshoKMuIkhVastRL5Di3uh1D7JJ:cYSqOshouIkPftRL54YRJJ
Malware Config
Targets
-
-
Target
Built(vm).exe
-
Size
7.3MB
-
MD5
42f725c808fd2e3dbfbc7ef87c13d4ee
-
SHA1
f4ab4e4481b1e17009186c79643ba04f4f4c6332
-
SHA256
cd4a3a88c82594a17a79dbc3db61216d29724ceb1cdd1420b1ee0cc47abcfff7
-
SHA512
8753ffb0c672c3cb966322aad1ea88e4e1c571ea45a4280eb75ad497b611a221c40b9ab1094cf3883649170eba3c08ac8970ec8c5335e5a8ee8bec988f2c4045
-
SSDEEP
196608:whYS6wsOshoKMuIkhVastRL5Di3uh1D7JJ:cYSqOshouIkPftRL54YRJJ
Score8/10-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
>���Z _.pyc
-
Size
1KB
-
MD5
185b7c5fdbcd892ffcb31700c33f562a
-
SHA1
45dcb1fd9392e1b788057c4f5ed7b13ba4e3ebf9
-
SHA256
465bee7a008cf07c666fd9eef080531aed4704e79c6fa4f57ece088e4164e16d
-
SHA512
02edf004cb585a447f2d6a46f36bbb3f721ef15ffbb71b3301c96833f6138d6f28c70bab73e37ab7d478381a30cba8965b8adc1463483d996adf6f956fa41013
Score1/10 -