General
-
Target
login
-
Size
26KB
-
Sample
240501-nwfk3sea6z
-
MD5
7841542171f3c322e6a44e2f26805e05
-
SHA1
ece44ff6d9ee04f679282babe73728780bd624e0
-
SHA256
7245852425fac82f450eba955c50c4d4aaf293f20c025c3c6f3b1550057dce25
-
SHA512
9d5df9df8d4a7b78d66cd6979321723daddc48e4e237c4da9722069d610a585da8850d1fea4e80b02aa05148a342d4a4193f9f8a7816fa9b1ececed074ba4b85
-
SSDEEP
384:CLm5v477sGGzK+TpQn7M9cyqy/f2f/Yb6WiZFuulffGfMflJz3syZj5XCqzGX3E:j/+scm2f/Yb6Hbuul3UWlJ7syZ9J
Malware Config
Targets
-
-
Target
login
-
Size
26KB
-
MD5
7841542171f3c322e6a44e2f26805e05
-
SHA1
ece44ff6d9ee04f679282babe73728780bd624e0
-
SHA256
7245852425fac82f450eba955c50c4d4aaf293f20c025c3c6f3b1550057dce25
-
SHA512
9d5df9df8d4a7b78d66cd6979321723daddc48e4e237c4da9722069d610a585da8850d1fea4e80b02aa05148a342d4a4193f9f8a7816fa9b1ececed074ba4b85
-
SSDEEP
384:CLm5v477sGGzK+TpQn7M9cyqy/f2f/Yb6WiZFuulffGfMflJz3syZj5XCqzGX3E:j/+scm2f/Yb6Hbuul3UWlJ7syZ9J
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-