Resubmissions
18-06-2024 09:06
240618-k2pt6a1bjq 10General
-
Target
17785798976.zip
-
Size
98KB
-
Sample
240618-k2pt6a1bjq
-
MD5
9cb96848386327410ca588b6cd5f6401
-
SHA1
968c4ae64dcb71c9eeffd812ef38a69d5548b3bb
-
SHA256
0ed5729655b3f09c29878e1cc10de55e0cbfae7ac344f574d471827c256cf086
-
SHA512
9376295b1dec89b18929b182a15a76163429f238a222b58d112c33006f19f33411314554fa5dbe12280d1278a17d5be04bc78aa52636965e7597d28153270940
-
SSDEEP
3072:XVNK3GFlSbCrEEcoDhYXARN1fKxf4vV9pN:XPKCyodNYxwvpN
Malware Config
Extracted
C:\sYMY1N6ah.README.txt
http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Targets
-
-
Target
eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12
-
Size
147KB
-
MD5
448f1796fe8de02194b21c0715e0a5f6
-
SHA1
935c0b39837319fda571aa800b67d997b79c3198
-
SHA256
eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12
-
SHA512
0b93b2c881b1351ff688089abf12bbfcff279c5d6ca8733d6d821c83148d73c85cfedf5ab5bc02c2145970124b518551db3a9fc701d8084f01009ae20f71a831
-
SSDEEP
3072:l6glyuxE4GsUPnliByocWep0yjEJ3hDRMK89nB2:l6gDBGpvEByocWeebbMjV4
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-