General
-
Target
Update.exe
-
Size
9.0MB
-
Sample
240805-1sr6xstcmf
-
MD5
34b23c73394239078a1cdb1fcf3f8b4a
-
SHA1
e76f7e0960947aea0d9032b534e37774d472c29c
-
SHA256
ffad905824c350e3785a9e479bd374ca5ef9cabf9b2d72f18d5b0e09ab34e129
-
SHA512
e506f5cbe5e52c29a3ed763c1fe2a44fb19dae0499f0aaa802d34c98431f3f1e8025f0cefd4d6fe85e9d95bcbfbde4793e8ccc2156908a7fae563507f2076c45
-
SSDEEP
196608:8cEk++FbLdQmRJ8dA6l7aycBIGpEGo6hTOv+QK2Jx0w:JEklXdQusl29foWOv+92Jxn
Malware Config
Targets
-
-
Target
Update.exe
-
Size
9.0MB
-
MD5
34b23c73394239078a1cdb1fcf3f8b4a
-
SHA1
e76f7e0960947aea0d9032b534e37774d472c29c
-
SHA256
ffad905824c350e3785a9e479bd374ca5ef9cabf9b2d72f18d5b0e09ab34e129
-
SHA512
e506f5cbe5e52c29a3ed763c1fe2a44fb19dae0499f0aaa802d34c98431f3f1e8025f0cefd4d6fe85e9d95bcbfbde4793e8ccc2156908a7fae563507f2076c45
-
SSDEEP
196608:8cEk++FbLdQmRJ8dA6l7aycBIGpEGo6hTOv+QK2Jx0w:JEklXdQusl29foWOv+92Jxn
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
cstealer.pyc
-
Size
39KB
-
MD5
534596a14650479e6e9a65f09e2f98b2
-
SHA1
04bf7d6539383bace5d723c60832ddf84dad60a3
-
SHA256
684c711d0f260d31a8df54012f5181a446bdf075fadf66ba4720d31761acc9c4
-
SHA512
257b607ac40e7bd86e50f43d2014305e840d31534e35e124b6cd4647aad2fa1d8ed80d1fd823c10ece04e8c90690fdb45ee604ebe062e69ce863925959f47acf
-
SSDEEP
768:HSqy6kRKsZ813i/QAUpJs9swT891XytEXgt46okRUDjq9WrWWSgmROtkx0dHr0uR:yykM+4iWJsu5jJo9RUnqwrWWSgqOM0dX
Score3/10 -