General
-
Target
freerobux.exe
-
Size
19.6MB
-
Sample
240517-y8h7vahe2y
-
MD5
ed049eea7dd42a25d83dd75c377294a0
-
SHA1
52b75bc55d1bb28dd3ae6a016de961d4f543ba9b
-
SHA256
fa295367c659cffaa8b33f0a2877a8a3385711c1e0b99672e8268a789a8eb976
-
SHA512
776c910108258e5f95e5d4753383a199a952f721eec1e5c7b8381c5e45261e458a52615bf5a4e148259a3866e8b6d368796ea62cd60841263646180a2efca10b
-
SSDEEP
393216:/QtsFr7M5livQETSTvJQnqOqK8/7zdCRd7W:/QtsB7M5lmQEWThQhoU
Malware Config
Targets
-
-
Target
freerobux.exe
-
Size
19.6MB
-
MD5
ed049eea7dd42a25d83dd75c377294a0
-
SHA1
52b75bc55d1bb28dd3ae6a016de961d4f543ba9b
-
SHA256
fa295367c659cffaa8b33f0a2877a8a3385711c1e0b99672e8268a789a8eb976
-
SHA512
776c910108258e5f95e5d4753383a199a952f721eec1e5c7b8381c5e45261e458a52615bf5a4e148259a3866e8b6d368796ea62cd60841263646180a2efca10b
-
SSDEEP
393216:/QtsFr7M5livQETSTvJQnqOqK8/7zdCRd7W:/QtsB7M5lmQEWThQhoU
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-