General
-
Target
crier.exe
-
Size
24.6MB
-
Sample
240617-fl3c4azann
-
MD5
8e148c086c3c73ad907fc44f0a56c126
-
SHA1
74f5c301256e843e80c14658aa4ea2dba8b4c95c
-
SHA256
aa92d281e165aec16595ade2508dcb73c18853d3043abb61cfb5a6fd1672774c
-
SHA512
006e950e70fefd0f4c5555340ff81d7e5ddf4c1f9d616fececb94a47083f5d016df6a572e3b25a4fc599e8c2a606f6754fec5f0e8106deab5bfdd65f2411b7e3
-
SSDEEP
393216:ZV9bEc3P3QdXGpiLBd8PvIxj9Yr2geY3G2QCSiSz/Wd/99l25t9gdr:D9H/Q+i/KvI/Yr7F2vHiSu/3g5tmd
Behavioral task
behavioral1
Sample
crier.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
crier.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
obfuscated_crier.pyc
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
obfuscated_crier.pyc
Resource
win10v2004-20240611-en
Malware Config
Targets
Target
crier.exe
-
Drops startup file
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Target
obfuscated_crier.pyc
-
Size
103KB
-
MD5
43e26a4a0de6aec268d8931826c60f83
-
SHA1
e40cf12bf23950ad717070b1a8d901a010d87e95
-
SHA256
dcc265111a1050d4aaf5451a6719974857db749cd18750e66e331bf0411f12f2
-
SHA512
52db44ae68f773353529360e4b8a90fed3c723c391dd66bb0fd7dab9e6d9b24a6180b09582fe16bf53abc35d58b55325eb239527198792bf4c159270b46a92bf
-
SSDEEP
3072:2xyucLLy0tUDeuP0MmUFOtI3p7D/VqasqkNYW+ohB:Lucny0tUSu1mUFOtisrz
Score 3/10