General
-
Target
https://cdn.discordapp.com/attachments/1165283803170873435/1177299840456204288/CCvisaBy0x1337.rar?ex=65e9f96b&is=65d7846b&hm=9a838bc12d6320b84fd8bca61bfbcf7bf3f4b374a72e7ff19ff307f6d4753af0&
-
Sample
240224-y38wbaed21
Score
7/10
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1165283803170873435/1177299840456204288/CCvisaBy0x1337.rar?ex=65e9f96b&is=65d7846b&hm=9a838bc12d6320b84fd8bca61bfbcf7bf3f4b374a72e7ff19ff307f6d4753af0&
Score7/10-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-