General
Target: pclient.exe
Size: 840KB
Sample: 240414-zpsgvadc97
MD5: d8ea5289f6d44800fa12b8e8c0b96eeb
SHA1: 31f09f936217c886d756af8a38ad579e83b3c952
SHA256: 29a522d6063c16d08a83091979941a3e2cbc0857faa1dcf0154acc38c5fd34d4
SHA512: 50fbdaee80beba732f8ed52c9a0d49615bdd7ad81d516f750202bc503d1c37ed1d06c1776a1f83034a0f8e7b7841d5a7fec4e21662ec5dcb80e8663d6a69940a
SSDEEP: 24576:7/dk1VlPNWNkbjx/W9ikYa651yu5/XsrXKbRSxlfjjZS:BuVlPNWNkbjx/A2h735vsDAUa
Behavioral task: behavioral1
Sample: pclient.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: pclient.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: pclient.exe
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-