General
-
Target
1d0000.MSBuild.exe
-
Size
151KB
-
Sample
240905-pncd5a1glc
-
MD5
41cf033d05ae0e2c5238a7932cf2dc77
-
SHA1
df885092f397a0a70f26b98c5abb35253d2cb06c
-
SHA256
f307cd4cb26d2d851ca55e9ab039656247ffd3b01b89ad0dcd32adf8e689724b
-
SHA512
eb1a3d4fe54c01c5ed6eb58208fed72aaf628aa6df60f5711f0e8e119a68517d7bc4112c5387858803072b144510fbd7c74f5e44853d3aefa5685979f755ef48
-
SSDEEP
3072:FzFIwXIUVadV/NqI9tw5ojnsbkps3CUBB8owEKctGE:RXcV/55jnsbkps3CUBB81EK
Malware Config
Targets
-
-
Target
1d0000.MSBuild.exe
-
Size
151KB
-
MD5
41cf033d05ae0e2c5238a7932cf2dc77
-
SHA1
df885092f397a0a70f26b98c5abb35253d2cb06c
-
SHA256
f307cd4cb26d2d851ca55e9ab039656247ffd3b01b89ad0dcd32adf8e689724b
-
SHA512
eb1a3d4fe54c01c5ed6eb58208fed72aaf628aa6df60f5711f0e8e119a68517d7bc4112c5387858803072b144510fbd7c74f5e44853d3aefa5685979f755ef48
-
SSDEEP
3072:FzFIwXIUVadV/NqI9tw5ojnsbkps3CUBB8owEKctGE:RXcV/55jnsbkps3CUBB81EK
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-