General
-
Target
240626-cl8ckaydld_pw_infected.zip
-
Size
98KB
-
Sample
240626-grc6ts1hpn
-
MD5
f643249de0d5e578f2981a520c560f21
-
SHA1
8b5970bab9cc2abacad4ad8078f3127eeff3bad3
-
SHA256
43336782406f2c2ba84b016942c64bfbbe82cfda32ade4ee6d93a41ba051bd34
-
SHA512
5fd8ab540ed5c8e41a943bb7b822b97754a0c86bb9156537a43bda1195e774b231d9419a1bbefb474bc938df9d5685a516f3ae4261ef0e4a02414a28f2bbdfea
-
SSDEEP
1536:etXSIEevNEPV8XhSpX1RMUDwKX6Ysq4qG48Cy9BBCcIKAeOZ54LzUR/di1o8+mzG:edSId1yOx8FDD7q9uc2/UK/M1Vfel
Malware Config
Extracted
C:\sYMY1N6ah.README.txt
http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Targets
-
-
Target
eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12
-
Size
147KB
-
MD5
448f1796fe8de02194b21c0715e0a5f6
-
SHA1
935c0b39837319fda571aa800b67d997b79c3198
-
SHA256
eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12
-
SHA512
0b93b2c881b1351ff688089abf12bbfcff279c5d6ca8733d6d821c83148d73c85cfedf5ab5bc02c2145970124b518551db3a9fc701d8084f01009ae20f71a831
-
SSDEEP
3072:l6glyuxE4GsUPnliByocWep0yjEJ3hDRMK89nB2:l6gDBGpvEByocWeebbMjV4
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-