General
Target: 2c4cf819ba86ce88e6bb352d159d353b.bin
Size: 757KB
Sample: 240817-bhafpa1gnr
MD5: dc2e2365b7a53efc2429fed5f3f82cd3
SHA1: 4df75d4d297f758be60d8668ffff76a5a4077bec
SHA256: e19a57bdd0541613680509ec07e1c62f30bc58307e45db642d9a6561b2938b04
SHA512: f920f3d79774a5feedeac744339c8617e55d6fa494cfb6756c9635202c0a86fd66289139da2bd7e1b179701d9d967d4ef850bc72bfcd20cf92410f98a624c9af
SSDEEP: 12288:MxsnlbGiMskCn70tWwN279MGVjwYFeTs155upBgeDxpEcsiDtNz9N:SsnVVMQ4MpMcjw4ewlwgeDxp2ibBN

Static task: static1

Behavioral task: behavioral1
Sample: 7eafa69b06a236e9dda3903e82a08228808f1bbb3c470eb7bfae0a2f4b13ae4f.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 7eafa69b06a236e9dda3903e82a08228808f1bbb3c470eb7bfae0a2f4b13ae4f.exe
Resource: win10v2004-20240802-en

Malware Config

Targets
Target: 7eafa69b06a236e9dda3903e82a08228808f1bbb3c470eb7bfae0a2f4b13ae4f.exe
Size: 825KB
MD5: 2c4cf819ba86ce88e6bb352d159d353b
SHA1: 846308b0c14281b8a604c3db547b8ee9573054c6
SHA256: 7eafa69b06a236e9dda3903e82a08228808f1bbb3c470eb7bfae0a2f4b13ae4f
SHA512: 7c121a46c35352cd4de1c1c1bd8dffbb0d24e3c8c612c7dfaf3beb27967d0fddb6b30f2910dd1bc03022a1139816da736c887bed9ac578aecb6cb0d52d36f73d
SSDEEP: 12288:XoQyRAbRF72iu73FgXqXfbZv2q8ccm9DeE3rgMTEZEdo/FrGSnDF74hU9:SaRF73IyyfzuRF/4m

Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext