General
-
Target
0e4049034e0d14a1f1a96df452a27c61.exe
-
Size
283KB
-
Sample
240311-hg4rgaeb74
-
MD5
0e4049034e0d14a1f1a96df452a27c61
-
SHA1
14f6fa868c90a6abc35722d2c6668222524824e6
-
SHA256
80c85a5d74bde95185f62fbad636c845cb5c473215d11a85c26c66ccb5119a07
-
SHA512
b9f97c1a3276447b955c14935ecf81b79ca9a0e72a00afcdffc22b492f77260e3025f4c5fbd3a04cf74afd3cf39751c887dff07901da5c70ffb913f89d32ccad
-
SSDEEP
3072:W+4UppH1NeY3+pWX6bROP2m2mmaguuikUxjj5zmGJbBdTyQ9ym+H6MQuTRIwXXeL:WJUX1QVYqWQ1cfhmGJBZyg6xpTXuD
Static task
static1
Behavioral task
behavioral1
Sample
0e4049034e0d14a1f1a96df452a27c61.exe
Resource
win7-20231129-en
Malware Config
Targets
-
-
Target
0e4049034e0d14a1f1a96df452a27c61.exe
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-