General
-
Target
Builder.exe
-
Size
15.7MB
-
Sample
240404-tdtmwabh31
-
MD5
7327729a164a1f1e3ed2385833923a96
-
SHA1
44d64eae30c7fcf10db081dcfb90b7319b91bb7e
-
SHA256
e4ced8bc2a89472505b522fe4245420e821dfa02e9624d8f32e4d8d1296e1cc8
-
SHA512
e16d487fc5767da14db252957aa63646d3baf7bf1b2caa9ac95dc267e874379fe4f54ad0179505ceb000a54a8b3a6b0a9da0e20bc83e4db3093ae9020f593e60
-
SSDEEP
393216:FoVRsuM+sInEroXy/m3pQ14S27J4Kn8hJV4a3t7zB07:FoHsOHErUyK314ICdt7F07
Malware Config
Targets
-
-
Target
Builder.exe
-
Size
15.7MB
-
MD5
7327729a164a1f1e3ed2385833923a96
-
SHA1
44d64eae30c7fcf10db081dcfb90b7319b91bb7e
-
SHA256
e4ced8bc2a89472505b522fe4245420e821dfa02e9624d8f32e4d8d1296e1cc8
-
SHA512
e16d487fc5767da14db252957aa63646d3baf7bf1b2caa9ac95dc267e874379fe4f54ad0179505ceb000a54a8b3a6b0a9da0e20bc83e4db3093ae9020f593e60
-
SSDEEP
393216:FoVRsuM+sInEroXy/m3pQ14S27J4Kn8hJV4a3t7zB07:FoHsOHErUyK314ICdt7F07
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-