Extracted

• • Target

    Major_0x00012BD4C3BDF0(1).exe

  • Size

    1.3MB

  • MD5

    c7ea74a05e864d4d67a2fba6be3bb667

  • SHA1

    be91a12de06e01a7e10b1dd514dbedb699f180e4

  • SHA256

    a01ac4244102e3958296c70d71e3d951f11abcc355458d1918d081587b151d90

  • SHA512

    ad03970be59ae08deaf69ffe3078704f9471a76789c040d695a21ab4ffd95377137ab64f19e33f6d9a9fa1b4ec11bd1c66b4a5bbc55dc413cd79aa6376b6a713

  • SSDEEP

    24576:fWljizSawkL2zmeaAit8v1hUw+hqPNKLkFh:+l2akSz+AitK5EAF

  Score

  10^/10

  babbleloadergurcucollectiondiscoveryloaderpersistencephishingprivilege_escalationspywarestealer

  • BabbleLoader

    BabbleLoader is a malware loader written in C++.

    loaderbabbleloader

  • Babbleloader family

    babbleloader

  • Detects BabbleLoader Payload

  • Gurcu family

    gurcu

  • Gurcu, WhiteSnake

    Gurcu aka WhiteSnake is a malware stealer written in C#.

    stealergurcu

  • A potential corporate email address has been identified in the URL: ISL1n_Admin@ONNGJIJU_report.wsr

    phishing

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2