General
Target: five-m-spoofer-main.zip
Size: 2.8MB
Sample: 240416-tkglwsed23
MD5: fcd21bdf93186ac3df9f83489576521f
SHA1: ff226aae1226677ae1634816f6ab46de5b2a0818
SHA256: a8574a174932122c44662671965d1fda3d35682266be57216400ceac1280b14c
SHA512: efa58d33a2c3714310514867a74c3a292bb5d00f3a754747867316d23bbb76a52a6d16a3f75deef443b2f25e75694d77492716b5215b88f6890e12f36bf1b7a2
SSDEEP: 49152:R60nRqisXp7c+d9KpY0aNlLsEDY4Smio6UC9VNxFNU7OCKeF86Kr/MFc5lSF9gxP:LgrpA+L0aNlLsuSForCVxF+QSFc5lSFs
Static task
static1
Malware Config
Targets
Target: five-m-spoofer-main/five-m-spoofer.exe
Size: 2.8MB
MD5: c0c4ae67d89cd777965286d8b1a95ab0
SHA1: bfd61d1cd3c9a3f1caf2c7da1f6127560862e68c
SHA256: 7a1ef3cddcc4affb36f37e86d76652aeb5b4aea140d598342b20ddbe5af30afb
SHA512: 732a6f1042ae653a8b32ea58efa1fabcd04adc4a649f878298ac00e8c6beb76674a4c13e78296e646ed52a1be8cf4cb3bf7500ccbd5a6e4607b4cf861431af2c
SSDEEP: 49152:7smhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:9qXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs

NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.