General
Target: wintask.exe
Size: 16.0MB
Sample: 240229-x5bg6aaf83
MD5: f715ebd552c6ca4dc6fa695d1888d1d5
SHA1: f0bedacc55824b7bfade77670a203536e12c5612
SHA256: 9d1cf39cebde1797f841218b826c21d50906e42fb0cd770e51b806d2a1ed15f7
SHA512: ceb2b21e40a22ddec75128feb87700da5fb204a1d5bfc772e1e86cbb46dc39baa89c96a457d6f98e86cc2214027106aa172953a1ab62bb00c2289f1510405e5f
SSDEEP: 393216:bu7L/PdQuslEQ+l9RoWOv+9rzaAlNYBWVruD:bCLXdQubQGborvSrOqNVrQ
Behavioral task: behavioral1
Sample: wintask.exe
Resource: win7-20240221-en
Malware Config
Targets
Signatures
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.