General

Target: SeanPalia.rar
Size: 74.5MB
Sample: 240426-3nkx6afd3w
MD5: f60f4427058b9b509d6f8ca9bc4a3047
SHA1: 3f15f75d10fa01cf4e2da68c7785d5f37efa7eb1
SHA256: edbdf58ed60754859587a35176293934c8d3f96c03eaa9008257dc68a27d1005
SHA512: 8ba46b9e28d0990014b1529d46c58fb0adbe338390c4fb7d08f1a397c2b94f9faa57916ec37ce6af9a1e25d45f6181a8e3d243a45de2b560474ede30dca5768c
SSDEEP: 1572864:Jh6LBYVwm5cOYQi2Jrydy7gJnsI0SNcucgzxTMWIyaQx:JsuaIR3rEy8JnsqN0QMW3
Static task
static1

Behavioral task
behavioral1
Sample: SeanPalia.rar
Resource: win11-20240419-en

Behavioral task
behavioral2
Sample: SeanPalia.exe
Resource: win11-20240426-en

Behavioral task
behavioral3
Sample: $PLUGINSDIR/app-32.7z
Resource: win11-20240426-en

Behavioral task
behavioral4
Sample: SeanPalia.exe
Resource: win11-20240426-en

Behavioral task
behavioral5
Sample: resources/elevate.exe
Resource: win11-20240419-en
Malware Config

Targets

Target: SeanPalia.rar
Size: 74.5MB
MD5: f60f4427058b9b509d6f8ca9bc4a3047
SHA1: 3f15f75d10fa01cf4e2da68c7785d5f37efa7eb1
SHA256: edbdf58ed60754859587a35176293934c8d3f96c03eaa9008257dc68a27d1005
SHA512: 8ba46b9e28d0990014b1529d46c58fb0adbe338390c4fb7d08f1a397c2b94f9faa57916ec37ce6af9a1e25d45f6181a8e3d243a45de2b560474ede30dca5768c
SSDEEP: 1572864:Jh6LBYVwm5cOYQi2Jrydy7gJnsI0SNcucgzxTMWIyaQx:JsuaIR3rEy8JnsqN0QMW3
Score: 3/10
Target: SeanPalia.exe
Size: 74.5MB
MD5: b833075c50beb01bb3d94188b7185dfd
SHA1: 3eca55d9f773c0c6f748fbfffccb57b08f553e38
SHA256: 32db7a6bc753a0485e658ed7fd85cbbced59638ea6d4a707b9876f5c3219ab78
SHA512: 670520f15aa15f0894777bb148a6d8c4a977bdd30c1b472edeb9ace290d598f61b53d14c8f68a7cdac30792068e65632c5b681f14b1dd6acefbc68a437a9ab03
SSDEEP: 1572864:ih6LBYVwm5cOYQi2Jrydy7gJnsI0SNcucgzxTMWIyaQ:isuaIR3rEy8JnsqN0QMW
Signatures:
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: $PLUGINSDIR/app-32.7z
Size: 74.0MB
MD5: 5e4c799bc33c819ca9be0a4328e68a18
SHA1: 3ef5cddda4420ad076f5448be3a8035e0cd77cd3
SHA256: 5bef26642cf199955683caa78e9cadbefa3da25a03a7a1f5bffd17ad5c7c3e84
SHA512: 565efe91540fad5c67880c1a01e9792c1ccd331205875a4619affda034dd1ff0344812660f55d7dd8fc8d15f341d78ab5831f1137a0516fc36c6910124bb4479
SSDEEP: 1572864:a6LBYVwm5cOYQi2Jrydy7gJnsI0SNcucgzxTMWIyaQQ:RuaIR3rEy8JnsqN0QMWi
Score: 3/10
Target: SeanPalia.exe
Size: 131.9MB
MD5: b0a0c7118089066877d370ab5a103236
SHA1: 3cd7dc4c3d1664aa58dbf4126e0500296076e884
SHA256: e80ccaeed92ccdf0314baed3bee369ccd8901ba3fa76eeeb23cba1e02d1a3a95
SHA512: bd1f7b80f755ed3b57fbf29ed788c3a5e351cfd97550c1502c6f85bfa0ec2ab325abde9ed4be8c0c7a3d85d2b7017f63e74526c0f8f0c34397a9bf8ec4c9fc0f
SSDEEP: 1572864:84sMLl/BkZTVV2iplzf+ekzrMdTOG0AfhgojwlwVgmPQtn06H9rejAEdCoIZXCVB:hl/BkVVPBDgmPKa5Wnu3X7
Signatures:
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: resources/elevate.exe
Size: 105KB
MD5: 792b92c8ad13c46f27c7ced0810694df
SHA1: d8d449b92de20a57df722df46435ba4553ecc802
SHA256: 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512: 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
SSDEEP: 3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score: 1/10