Resubmissions

  • 25/03/2024, 16:06

    240325-tkc9gace29 10

  • 22/03/2024, 16:41

    240322-t7bzxsdg92 7

General

  • Target

    conferma_pdf2.exe

  • Size

    13.8MB

  • Sample

    240322-t7bzxsdg92

  • MD5

    4c98043467d9a02501b918ab0ba6a5ca

  • SHA1

    6bbb68c48dcdd6e17c108862bcfad37661bfd93b

  • SHA256

    9a55239c4dd7f48ce180c8ed3b9845bb8003880eee77756ec8d1cf2dba21883e

  • SHA512

    4426dc24ce734afc5184affcf47d421fd621865ed5a9702bcf25b0978b840736eea405996e29e150625d301d3ef1616b753f6b1e13fcc559e7002396174fd99e

  • SSDEEP

    196608:fuvbT1b7UirbgdQBJ6moWqpoRPaPaLzegyr:fuvb5bHbIQBRoWvRxzjo

Score
7/10

Targets

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

  • Accesses cryptocurrency files/wallets, possible credential harvesting

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15