General
-
Target
Photo de mes pieds.scr
-
Size
13.7MB
-
Sample
240312-rkr2hsaf3y
-
MD5
3325ae14de12720c299b53c1e1a3a78d
-
SHA1
f0747ee616b715444165f74e2f32d40ff4a04921
-
SHA256
d0c93b9538808f2d8dc97479b7c709294a9882f62afc73b430eab0041cf86279
-
SHA512
303d21382af1dc00d0c1701f812dd26ade3fb0299e41b3476d9b10a0dcd8f4ca4b4081c447f8d771481c4b403d1924abdabfac89294a726e0b3359019e3ba22d
-
SSDEEP
196608:g3GOKZ79VzU3HM4iHdbfKryizqafsp9+47eYzDi5bKs4/rbvSocRmMaL+VFgEcBi:BfzU8Xhf45nkp9+wLqGbvXZFLodcByJB
Static task
static1
Behavioral task
behavioral1
Sample
Photo de mes pieds.scr
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Photo de mes pieds.scr
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
Photo de mes pieds.scr
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-