General
-
Target
shadowapi.exe
-
Size
14.4MB
-
Sample
240630-lebvfsygjj
-
MD5
3888625daaafdb98bf85bf9c79dbe483
-
SHA1
41cab789f975f068ee7ce69491995607db5f06ad
-
SHA256
52a6d1c7746a692b493e8524b042afa64d84c9f84d2448ecf5ba98bfc2b35304
-
SHA512
bfc7ebf8e90ffdc916a7bc5f8adb71cb54838e58c98dd15d4e49ee16a966796061ca3888a2b00eb7f284c5aa7386f6d9c79c1ba5d70debfa4e60d1228ac8e8a9
-
SSDEEP
393216:aEkZQVBl80QAIyCEDLJ83a10KqXdwWJN4s3hU2eeLZc:ahQVj80QABCEDtEaqtw8af
Malware Config
Targets
-
-
Target
shadowapi.exe
-
Size
14.4MB
-
MD5
3888625daaafdb98bf85bf9c79dbe483
-
SHA1
41cab789f975f068ee7ce69491995607db5f06ad
-
SHA256
52a6d1c7746a692b493e8524b042afa64d84c9f84d2448ecf5ba98bfc2b35304
-
SHA512
bfc7ebf8e90ffdc916a7bc5f8adb71cb54838e58c98dd15d4e49ee16a966796061ca3888a2b00eb7f284c5aa7386f6d9c79c1ba5d70debfa4e60d1228ac8e8a9
-
SSDEEP
393216:aEkZQVBl80QAIyCEDLJ83a10KqXdwWJN4s3hU2eeLZc:ahQVj80QABCEDtEaqtw8af
Score7/10-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-