General
-
Target
cstealer.exe
-
Size
17.1MB
-
Sample
240428-jre2jabd7z
-
MD5
3e913c04b4c65f22b156a0905718141d
-
SHA1
2c6156a8e1b510d04f8bcbff09587eb7b0fd62c2
-
SHA256
7bfac72c5e06aa8f4be8d670681de3a4cfa2161e7344530df00327f0452c0cc6
-
SHA512
103ab25e5483829469a1b2cc428f97ca762cc8d6d4cffc8dc14f8631678ca1b94671bb70d9294f876fe6c71346df437433543dc7ea325da202553b6ca43b67a8
-
SSDEEP
393216:zEkZQZP8AxYDwdQuslSl99oWOv+9fg+MUacSn5X3:zhQiXsdQu9DorvSY+Ja7nt
Malware Config
Targets
-
-
Target
cstealer.exe
-
Size
17.1MB
-
MD5
3e913c04b4c65f22b156a0905718141d
-
SHA1
2c6156a8e1b510d04f8bcbff09587eb7b0fd62c2
-
SHA256
7bfac72c5e06aa8f4be8d670681de3a4cfa2161e7344530df00327f0452c0cc6
-
SHA512
103ab25e5483829469a1b2cc428f97ca762cc8d6d4cffc8dc14f8631678ca1b94671bb70d9294f876fe6c71346df437433543dc7ea325da202553b6ca43b67a8
-
SSDEEP
393216:zEkZQZP8AxYDwdQuslSl99oWOv+9fg+MUacSn5X3:zhQiXsdQu9DorvSY+Ja7nt
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-