General
-
Target
Colourant.exe
-
Size
10.1MB
-
Sample
240528-swfy3aac9s
-
MD5
19de00924e0bf8e5e63497c586adf78a
-
SHA1
f80015897a70bad3d5a577df6dd67ea68b101761
-
SHA256
eb97b6bc1f315896add024323ec197fcf17a899466037e765ac66abf73c1063b
-
SHA512
20d268279e8c835dd1cb0378f563e56baf3724dacf34474bb15fd73cc63fb17d648fcfdbdd197e4f7e405e4cd310b400ed507de163fef617a6b39888424b58be
-
SSDEEP
196608:Ah65Ekh1kb5RYqF1W903eV4QRM993iObMAR1jQmGYuuLmBri+91P+ktv:TEkh2FGiW+eGQRe93iObLRS/MLMri6nh
Malware Config
Targets
-
-
Target
Colourant.exe
-
Size
10.1MB
-
MD5
19de00924e0bf8e5e63497c586adf78a
-
SHA1
f80015897a70bad3d5a577df6dd67ea68b101761
-
SHA256
eb97b6bc1f315896add024323ec197fcf17a899466037e765ac66abf73c1063b
-
SHA512
20d268279e8c835dd1cb0378f563e56baf3724dacf34474bb15fd73cc63fb17d648fcfdbdd197e4f7e405e4cd310b400ed507de163fef617a6b39888424b58be
-
SSDEEP
196608:Ah65Ekh1kb5RYqF1W903eV4QRM993iObMAR1jQmGYuuLmBri+91P+ktv:TEkh2FGiW+eGQRe93iObLRS/MLMri6nh
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
cstealer.pyc
-
Size
75KB
-
MD5
c6d286d48e801a5cb425fd1a076252ac
-
SHA1
6fb854f51c0d8a8bef0d96285044db28bb9bfbb4
-
SHA256
2da5e8ce9f9c5198e21852f1d83fbb193a05c96eee9c9e98c839afa47a55994b
-
SHA512
a72af23131434f5df59fd022734e5a09b5688f02b2f05afe9a0ac96ada551fb7e4530e0ab5327ec95590dd282908a8f9e41c1e8432de7e0ab74ad7e88b6982c8
-
SSDEEP
1536:DvIiOtbZ3vkwsJlYaa2Is8qRai+joMFpuP4grrRheEX:DvQr9t2Is8H6MeP4grrRnX
Score3/10 -