General
-
Target
f3cd6d7257421153da50a054698afff126b8122067926c9fffc9e9e5a101a3cc
-
Size
438KB
-
Sample
240419-fdqpbshb94
-
MD5
3e4906e5486da3018a6c4997b96944e3
-
SHA1
6375dc55eb217a19b0cb2304592ba31140b4a7d9
-
SHA256
f3cd6d7257421153da50a054698afff126b8122067926c9fffc9e9e5a101a3cc
-
SHA512
98149876250f3015674363f9d290a5a51e4a161235eb57b0620827d1685af7fd6143009d0b3ffe0fc6a2e216d3bbd97fedfdae0230779a057b9f67b8284f391f
-
SSDEEP
6144:pIZBFT/ylE4AxP4sXp/WdT0RYhHWyG+xgXERMZ0fP+bvE/wDqD1/:EFTKiFNRYh2yGlXERMZdvEf1/
Static task
static1
Behavioral task
behavioral1
Sample
f3cd6d7257421153da50a054698afff126b8122067926c9fffc9e9e5a101a3cc.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f3cd6d7257421153da50a054698afff126b8122067926c9fffc9e9e5a101a3cc.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
f3cd6d7257421153da50a054698afff126b8122067926c9fffc9e9e5a101a3cc
-
Score
9/10
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers
-
Detects executables containing base64 encoded User Agent
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-