General

  • Target

    de44cf4a2b46b535540c2796997fe4e5

  • Size

    5.9MB

  • Sample

    240325-r6y2ysdh9y

  • MD5

    de44cf4a2b46b535540c2796997fe4e5

  • SHA1

    703385305bdfa8b1ce282b7cb9009f526288d5dd

  • SHA256

    cfce3da37697d0ed6bef423376cd386b0a3930debf9df3c884ee7fb77344eeaf

  • SHA512

    d773f95b1abfc0a5b9e328d9d3a4d4423c763e01dd003c74960893f34f7c2411607bbe16465f2a46f80ca3ceae662d2a8d3854961357efcb0ad05a74f12aabdc

  • SSDEEP

    98304:s0Zt2FvbwHS2xxw+vMlP2N3BtqzhRbnqXpy05Q0N1rsYSZ6BoXh1kkypSH3Oh5Bo:s0KvKnmP2NxEtI405QYtsTEB08T8HehD

Score
9/10
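To confirm that a file on disk is this sample, compute its digests and compare them with the values listed above. The Python below is an added example written for this page, not part of the sandbox report or its tooling: `REPORT_IOCS` and `REPORT_SSDEEP` are copied from the report, while the streaming file hasher, the case-insensitive matching and the optional ssdeep comparison (which needs the third-party `ssdeep` module and is skipped when it is not installed) are the example's own assumptions.

```python
import hashlib

# Digests copied from the report above; SSDEEP is a fuzzy hash and is handled separately.
REPORT_IOCS = {
    "md5": "de44cf4a2b46b535540c2796997fe4e5",
    "sha1": "703385305bdfa8b1ce282b7cb9009f526288d5dd",
    "sha256": "cfce3da37697d0ed6bef423376cd386b0a3930debf9df3c884ee7fb77344eeaf",
    "sha512": "d773f95b1abfc0a5b9e328d9d3a4d4423c763e01dd003c74960893f34f7c2411"
              "607bbe16465f2a46f80ca3ceae662d2a8d3854961357efcb0ad05a74f12aabdc",
}
REPORT_SSDEEP = ("98304:s0Zt2FvbwHS2xxw+vMlP2N3BtqzhRbnqXpy05Q0N1rsYSZ6BoXh1kkypSH3Oh5Bo:"
                 "s0KvKnmP2NxEtI405QYtsTEB08T8HehD")

try:
    import ssdeep  # optional third-party module (pip install ssdeep), not in the stdlib
except ImportError:
    ssdeep = None

ALGOS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """All four digests of an in-memory buffer, lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so a multi-megabyte sample is not read at once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(hashes: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of the algorithms whose digest equals the report's value (case-insensitive).
    One match is enough to identify the file; MD5 and SHA1 are kept only for feeds
    that publish nothing stronger, since collisions are practical for both."""
    return sorted(name for name, digest in iocs.items()
                  if name in hashes and hashes[name].lower() == digest.lower())


def fuzzy_similarity(data: bytes, report_hash: str = REPORT_SSDEEP):
    """ssdeep similarity (0-100) against the report's fuzzy hash, or None when ssdeep is unavailable.
    Useful for spotting repacked variants that share no exact digest with this sample."""
    if ssdeep is None:
        return None
    return ssdeep.compare(ssdeep.hash(data), report_hash)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(path, "matches:", match_iocs(digests) or "none")
```

Run it as `python verify_hashes.py suspect.bin`; an empty match list means the file is not a byte-identical copy of this sample, and the fuzzy score is what to look at next for a repacked build.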

Malware Config

Targets

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
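The UPX signature above keys on packer traces that a modified UPX build can alter, so a section-name match alone is weak evidence. The Python below is an added example, not code from the report or the sandbox: it parses the PE section table directly and combines the stock section-name check with two structural hints, an empty first section (the area UPX unpacks into) and a near-random payload section. The `build_sample_pe` helper and the two `SAMPLE_*` images are constructed test data for the example, not this sample; the 7.0-bit entropy threshold is a conventional but arbitrary choice.

```python
import math
import struct

# Section names written by stock UPX. A modified UPX build can rename them, which is why the
# entropy and layout checks below exist as independent hints.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; about 8.0 for compressed or encrypted data, well below that for code."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Parse the section table of a PE image: (name, raw_offset, raw_size, entropy) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        hdr = data[table + 40 * i:table + 40 * (i + 1)]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_ptr, raw_size, shannon_entropy(data[raw_ptr:raw_ptr + raw_size])))
    return sections


def upx_indicators(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Three independent hints that a PE is UPX-packed. Treat any one as a lead, not proof."""
    sections = pe_sections(data)
    names = [s[0] for s in sections]
    return {
        "sections": names,
        # 1. stock UPX names its sections UPX0/UPX1 (and UPX2 when resources are kept)
        "upx_section_names": any(n in UPX_SECTION_NAMES for n in names),
        # 2. the first section is the unpacking area and carries no raw data on disk
        "empty_first_section": bool(sections) and sections[0][2] == 0,
        # 3. the compressed payload section is close to random
        "high_entropy_sections": [s[0] for s in sections if s[2] > 0 and s[3] >= entropy_threshold],
    }


def build_sample_pe(section_specs: list) -> bytes:
    """Construct a minimal, non-runnable PE image for exercising the parser (test data, not the
    sample). section_specs: list of (name, raw_bytes). The optional header is omitted (size 0),
    which the parser tolerates because it reads SizeOfOptionalHeader instead of assuming a size."""
    e_lfanew = 0x40
    dos_stub = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_specs), 0, 0, 0, 0, 0)
    raw_ptr = e_lfanew + 4 + 20 + 40 * len(section_specs)
    headers, bodies = b"", b""
    for name, body in section_specs:
        headers += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(body), 0, len(body), raw_ptr if body else 0, 0, 0, 0, 0, 0)
        raw_ptr += len(body)
        bodies += body
    return dos_stub + b"PE\0\0" + coff + headers + bodies


# Constructed test images: one laid out like a UPX-packed file, one like a plain build.
SAMPLE_PACKED = build_sample_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 4), (b".rsrc", b"A" * 64)])
SAMPLE_PLAIN = build_sample_pe([(b".text", b"A" * 64), (b".data", b"B" * 64)])


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, upx_indicators(fh.read()))
```

A renamed-section UPX variant still trips the empty-first-section and entropy hints, while a legitimately compressed resource section trips only the entropy hint; reading the three together is what makes the check useful in triage.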

MITRE ATT&CK Enterprise v15

Tasks