61b17734d2ffda75123235dbfa8590df19e6452878d5251fc8822d3cf5588e11

General

Target

61b17734d2ffda75123235dbfa8590df19e6452878d5251fc8822d3cf5588e11
Size

1.7MB
Sample

240907-s5r3pa1cql
MD5

fe74f2370bf0061917c66ca801d05e2f
SHA1

0ac2dbb4f3f8250481697f9c35eb837cf382fc0d
SHA256

61b17734d2ffda75123235dbfa8590df19e6452878d5251fc8822d3cf5588e11
SHA512

62103654244affc8ac30457ed6bce0c235eb885de3b9a36cce38ca7d7b24db537dfc9d5f8aec7ec50e1a294a12da4ffac4e5346aa981c5a06c1cf690bf4d7e8f
SSDEEP

24576:XQwMwW4AhjD3JPxQkDgF4bkJuh67GoesHjmhSX7a+FEDa1Kre8MnRus2l:VMHblp9kJvVXR0bs2l

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
45.200.149.135
Port:
21
Username:
delphi
Password:
fatima321

Targets

- Target
  
  61b17734d2ffda75123235dbfa8590df19e6452878d5251fc8822d3cf5588e11
- Size
  
  1.7MB
- MD5
  
  fe74f2370bf0061917c66ca801d05e2f
- SHA1
  
  0ac2dbb4f3f8250481697f9c35eb837cf382fc0d
- SHA256
  
  61b17734d2ffda75123235dbfa8590df19e6452878d5251fc8822d3cf5588e11
- SHA512
  
  62103654244affc8ac30457ed6bce0c235eb885de3b9a36cce38ca7d7b24db537dfc9d5f8aec7ec50e1a294a12da4ffac4e5346aa981c5a06c1cf690bf4d7e8f
- SSDEEP
  
  24576:XQwMwW4AhjD3JPxQkDgF4bkJuh67GoesHjmhSX7a+FEDa1Kre8MnRus2l:VMHblp9kJvVXR0bs2l
Score

10^/10

discovery credential_access evasion persistence privilege_escalation spyware stealer trojan
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2