General
- Target: svchost.exe
- Size: 7.4MB
- Sample: 240428-x125bafc5x
- MD5: 1030476a7ef8cb5c29c16902a1caa8e3
- SHA1: 6811a40c61e1cf6d07ef04573c9bd11ad76f4e34
- SHA256: 1a8cce0b3c824a7b538c386d8b95f573206f32fc10be4a33bb4c2a0ae72e70b4
- SHA512: f15b4b3bfa5a55c5df2ee3839ccd0f2e9a2272760ae990f2377c0b6eb8c7dc0c2d476529e82193788033dab5c30c6c1460eeb3f013addf4de9b3e62410fba02d
- SSDEEP: 196608:Trno0cDenLjv+bhqNVoBKUh8mz4Iv9Plu1D7A3:JieLL+9qz8/b4IzuRA3
Malware Config
Targets
- Target: svchost.exe
- Size: 7.4MB
- MD5: 1030476a7ef8cb5c29c16902a1caa8e3
- SHA1: 6811a40c61e1cf6d07ef04573c9bd11ad76f4e34
- SHA256: 1a8cce0b3c824a7b538c386d8b95f573206f32fc10be4a33bb4c2a0ae72e70b4
- SHA512: f15b4b3bfa5a55c5df2ee3839ccd0f2e9a2272760ae990f2377c0b6eb8c7dc0c2d476529e82193788033dab5c30c6c1460eeb3f013addf4de9b3e62410fba02d
- SSDEEP: 196608:Trno0cDenLjv+bhqNVoBKUh8mz4Iv9Plu1D7A3:JieLL+9qz8/b4IzuRA3

Behaviour signatures
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.