General
Target: 240229-r6rmwacc2v_pw_infected.zip
Size: 14.2MB
Sample: 240229-x6q91aab9v
MD5: fa8fd1113bfe9d429d3371ea60f2c417
SHA1: a964457813121197282b518efb71fbbbda42bb87
SHA256: ad15e741394db88ef7fb88c4b1fce1e83e26bb7150b8c463e4657d510dccc58c
SHA512: cf427bdbf89915605418bc68f6f2f85a515bc8d47a426b33c17911d4c166ac777e927d3bbb1f984578aaf30faae39062fb1c1f4c93e43214a6500509b0a4a686
SSDEEP: 196608:gTM2FvNknvPbBSWr06+uPOd++sd6laHhEuyf2vh+YtnGKoDe3V2GFSOYdn+TCAOT:gTM2xGr5+u2dZE9H6DWhHS04GSOYICn
Behavioral task: behavioral1
Sample: chromewebhelper.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: chromewebhelper.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: tool.exe
Resource: win7-20240221-en
Malware Config

Targets

Target: chromewebhelper.exe
Size: 797KB
MD5: e3b8b6e5e354fe993459d9eb0bd1ee3c
SHA1: cc2c9c7020fc79e1f46974a13e6ca3f14aaaa6d5
SHA256: 5499a64317fd7fa44767bd4c10ad4803115b00b4ea36bde635b130742d432de7
SHA512: 43ca2a53aaac526f1ad143d19f4f3f1bd09f5d7ba91ecbb08b72a38e2e64f920e7bd0ce2240af97e13ab66b6e7f189279fc02c037d48886cace5840159b292e5
SSDEEP: 12288:kZrULMF1bEdXSD0v9qvVvm/G3FBCBLyPYe6qFz80COFuw5nMtpnHYhaa:kYMrbGXSw9q1m+qLyP1r80CO/5nMXnC
Score: 5/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: tool.exe
Size: 14.0MB
MD5: 2a1c3e6695d49f089b56b7a122bf3d1b
SHA1: df1c72fe8700e26ecf4728a9a959813f94ac9571
SHA256: 5155ec79a40d96c9784770d568b0274ee30cf0a20e5aa1319e44d537bf27c2fe
SHA512: 25dc4c53ebc600def7cd08d80275211e9d04c9ca93dbba8240fea3d42c10caf6c6b1c2920bddadaed888334d283ba07dc7f44fcf26d836bed28a76b913d50877
SSDEEP: 393216:nZEkZgf8O/81+TtIiFGvvB5IjWqn6eclz1fPpksz6xmJ7KWHr:ZRbOU1QtIZX3ILn6ecHP66om8E
Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
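Sandbox reports like this one are often exported in a flattened form: each field label sits on its own line, its value follows on the next line, and `-` lines separate entries, with the score line arriving as `Score5/10-` because the separator is fused onto it. The Python below is an added example, not code from this page or from the sandbox vendor. It parses an abbreviated copy of this report (the sample text is copied from the values above; the section and field names are the page's own, the function names are mine) into general fields, behavioral tasks and per-target hashes and signatures, and checks that every hash field is lowercase hex of the right length before a practitioner pushes it into a blocklist or a hunting query.

```python
"""Parse a flattened sandbox-report dump (label line, value line, "-" separators)."""
import json
import re

FIELDS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP", "Resource"}
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SCORE_RE = re.compile(r"^Score\s*(\d+)\s*/\s*(\d+)-?$")  # "Score5/10-": separator fused on

# Abbreviated copy of the report on this page (hashes and signatures are the page's values).
SAMPLE_REPORT = """General
-
Target
240229-r6rmwacc2v_pw_infected.zip
-
SHA256
ad15e741394db88ef7fb88c4b1fce1e83e26bb7150b8c463e4657d510dccc58c
Behavioral task
behavioral1
Sample
chromewebhelper.exe
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
tool.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
chromewebhelper.exe
-
MD5
e3b8b6e5e354fe993459d9eb0bd1ee3c
-
SHA256
5499a64317fd7fa44767bd4c10ad4803115b00b4ea36bde635b130742d432de7
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
Target
tool.exe
-
SHA256
5155ec79a40d96c9784770d568b0274ee30cf0a20e5aa1319e44d537bf27c2fe
-
Drops startup file
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
"""


def _tokens(text):
    """Drop blank lines; split the fused score line into label, value and separator."""
    out = []
    for raw in text.splitlines():
        s = raw.strip()
        if not s:
            continue
        m = SCORE_RE.match(s)
        out += ["Score", f"{m.group(1)}/{m.group(2)}", "-"] if m else [s]
    return out


def parse_report(text):
    report = {"general": {}, "behavioral_tasks": [], "targets": []}
    lines = _tokens(text)
    section, current, prev_sig, i = None, None, False, 0
    while i < len(lines):
        line = lines[i]
        if line == "-":                          # separator closes a signature entry
            prev_sig, i = False, i + 1
        elif line == "Behavioral task":          # label + task name, then Sample/Resource
            current = {"name": lines[i + 1] if i + 1 < len(lines) else ""}
            report["behavioral_tasks"].append(current)
            section, i = "tasks", i + 2
        elif line in ("General", "Malware Config", "Targets"):
            section, i = line, i + 1
            current = report["general"] if line == "General" else None
        elif line in FIELDS or line == "Score":  # label line followed by its value line
            value = lines[i + 1] if i + 1 < len(lines) else ""
            if section == "Targets" and line == "Target":
                current = {"Target": value, "signatures": []}
                report["targets"].append(current)
            elif current is not None:
                current[line] = value
            prev_sig, i = False, i + 2
        else:                                    # anything else under Targets is a signature
            if section == "Targets" and current is not None:
                if prev_sig:                     # second line of an entry is its description
                    current["signatures"][-1]["description"] = line
                else:
                    current["signatures"].append({"name": line})
                    prev_sig = True
            i += 1
    return report


def hash_problems(entry):
    """Names of hash fields that are not lowercase hex of the expected digest length."""
    return [name for name, length in HASH_LENGTHS.items()
            if entry.get(name) is not None
            and not re.fullmatch(rf"[0-9a-f]{{{length}}}", entry[name])]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(json.dumps(parsed, indent=2))
    for target in parsed["targets"]:
        print(target["Target"], "bad hash fields:", hash_problems(target))
```

The separator handling is what makes the signature description attach to the right entry: a description is simply the second non-label line before the next `-`, so a signature with no description (most of them here) stays a single-key dict. Run it on a real export by replacing `SAMPLE_REPORT` with the file contents.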