General
- Target: cstealer.exe
- Size: 10.2MB
- Sample: 240619-tg48satamh
- MD5: eb8e93bafb96df0abf451db01d9c9cb1
- SHA1: 8bbeb2e4b9e9fcb1aa48fe70419361a2a71e8c4d
- SHA256: 6db549377e2b1fce4232246e110ec3cabc300ef41a469fb410d78b0117113b65
- SHA512: 451020a5a22b63a22305b626f5044173209b48d3253422f5f1de29d40e85870efdb1661ef920db1c1b3d668bc00be808c033c1da1b8d9ac875e2c31adc9de823
- SSDEEP: 196608:thNHEkYcowuLIoBA1HeT39Iigwh1ncKOVVtc972EtQ1NjOfKh:tHEkYcXIq1+TtIiFv0VQx96eKh
Malware Config

Targets
- Target: cstealer.exe (10.2MB; hashes as listed under General)
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.