General
- Target: cstealer.exe
- Size: 8.3MB
- Sample: 240628-z8961avhlk
- MD5: 50c10a59833fd384faae619f34e89d8e
- SHA1: 395055fdecb941b6b5a8f235e8af86e033218cff
- SHA256: ceda488a3a0cfa7a96bf5997e50e9bd0b0194ca0949d57dd6b944cb63e777fc8
- SHA512: ede38d7deae6bd45f30e91ca9601508736b3a626b06db26296a00d8d41ec6707d22fa78ac4704cf6ecce013d18c0ed94e8206b3e983571602bdc5eb006327189
- SSDEEP: 196608:9pEk++GoXdQmRJ8dA6l7aycBIGpEGo6hTOv+QKfloRDeZ:fEkmkdQusl29foWOv+9floRQ
Malware Config
Targets
- Target: cstealer.exe
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.