General

  • Target

    fdf493e7b3d599f645fe0ec1c2ef20f7040c31a028ac954ea6596d71a3a109e3N

  • Size

    200KB

  • Sample

    240920-rsh4ks1frn

  • MD5

    e084a43630b34f1c1df862f965d51a10

  • SHA1

    95add3670a38124d3ea0f79c6255287feb2844b2

  • SHA256

    fdf493e7b3d599f645fe0ec1c2ef20f7040c31a028ac954ea6596d71a3a109e3

  • SHA512

    4303687f83b76a99ab2b07edb7c11a2bf4f33b0c6e7363ccb5988ea1b9dd6c645a2426a67507fcfa4b296dc71ac1fb528a657d423f90ef52711b96edc7ba854f

  • SSDEEP

    3072:2GqUIPOWeQyB/qM9djctpsO/r6ElSVN2x4N:BqUaONHBiM/4tKm

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.drivehq.com
  • Port:
    21
  • Username:
    smartz1337
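As an added example (not part of the sandbox report), the extracted configuration can be turned into a detection: the matcher below checks constructed telemetry for the sample hash, for DNS and TCP activity to the exfiltration host and, because the FTP control channel is cleartext, for the `USER smartz1337` login on the wire. The event schema and the sample events are assumptions made for this example; the indicator values are the ones listed in this report.

```python
"""Added example (not part of the sandbox report): turn the report's IOCs
into a small matcher and run it over constructed telemetry."""
import re

# Indicators copied from the report above.
SAMPLE_SHA256 = "fdf493e7b3d599f645fe0ec1c2ef20f7040c31a028ac954ea6596d71a3a109e3"
EXFIL_HOST = "ftp.drivehq.com"
EXFIL_PORT = 21
EXFIL_USER = "smartz1337"

# The FTP control channel is cleartext, so the USER command is visible to
# any sensor that sees the session (a Zeek ftp.log, a packet capture, ...).
FTP_USER_RE = re.compile(r"^\s*USER\s+(\S+)", re.IGNORECASE)

# Constructed telemetry in a hypothetical normalised form; the schema is an
# assumption for this example, not a product log format.
SAMPLE_EVENTS = [
    {"type": "file_write", "path": "C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe",
     "sha256": SAMPLE_SHA256},
    {"type": "dns", "query": "FTP.DRIVEHQ.COM."},
    {"type": "net_connect", "dst_host": "ftp.drivehq.com", "dst_port": 21},
    {"type": "ftp_cmd", "line": "USER smartz1337"},
    {"type": "ftp_cmd", "line": "PASS <redacted>"},
    {"type": "ftp_cmd", "line": "STOR Passwords.txt"},
    {"type": "net_connect", "dst_host": "ftp.drivehq.com", "dst_port": 443},   # not the FTP port
    {"type": "net_connect", "dst_host": "update.example.com", "dst_port": 443},  # benign noise
]

# Indicator fidelity: the hash changes with every rebuild and DriveHQ is a
# legitimate hosting service, but the account name is specific to this config.
WEIGHT = {
    "known_sample_hash": "high",
    "exfil_ftp_user": "high",
    "exfil_host_connect": "medium",
    "exfil_host_dns": "medium",
}


def match_iocs(events):
    """Return (event_index, indicator_name) for every event matching an IOC."""
    hits = []
    for i, ev in enumerate(events):
        kind = ev.get("type")
        if kind == "file_write" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
            hits.append((i, "known_sample_hash"))
        elif kind == "dns" and ev.get("query", "").lower().rstrip(".") == EXFIL_HOST:
            hits.append((i, "exfil_host_dns"))
        elif (kind == "net_connect"
              and ev.get("dst_host", "").lower() == EXFIL_HOST
              and ev.get("dst_port") == EXFIL_PORT):
            hits.append((i, "exfil_host_connect"))
        elif kind == "ftp_cmd":
            m = FTP_USER_RE.match(ev.get("line", ""))
            if m and m.group(1) == EXFIL_USER:
                hits.append((i, "exfil_ftp_user"))
    return hits


def verdict(hits):
    """Collapse a list of hits to one severity: high > medium > none."""
    levels = {WEIGHT[name] for _, name in hits}
    if "high" in levels:
        return "high"
    if "medium" in levels:
        return "medium"
    return "none"


if __name__ == "__main__":
    found = match_iocs(SAMPLE_EVENTS)
    for idx, name in found:
        print(f"event {idx}: {name} ({WEIGHT[name]})")
    print("verdict:", verdict(found))
```

The weighting is the point: a bare connection to drivehq.com is only a medium-confidence signal because the service is legitimately used, whereas the account name is specific to this sample's configuration and the hash is exact but changes with any rebuild. No password appears in the extracted configuration, so the matcher does not look for one.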

Targets

    • Target

      fdf493e7b3d599f645fe0ec1c2ef20f7040c31a028ac954ea6596d71a3a109e3N

    • Size

      200KB

    • MD5

      e084a43630b34f1c1df862f965d51a10

    • SHA1

      95add3670a38124d3ea0f79c6255287feb2844b2

    • SHA256

      fdf493e7b3d599f645fe0ec1c2ef20f7040c31a028ac954ea6596d71a3a109e3

    • SHA512

      4303687f83b76a99ab2b07edb7c11a2bf4f33b0c6e7363ccb5988ea1b9dd6c645a2426a67507fcfa4b296dc71ac1fb528a657d423f90ef52711b96edc7ba854f

    • SSDEEP

      3072:2GqUIPOWeQyB/qM9djctpsO/r6ElSVN2x4N:BqUaONHBiM/4tKm

    • Checks computer location settings

      Looks up the country code configured in the registry; infostealers commonly do this to geofence, i.e. to avoid running on machines in selected countries.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to read configuration files associated with FTP clients such as FileZilla, which store saved server credentials.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files (MITRE ATT&CK T1552.001).
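To show how the signatures above would be reproduced outside the sandbox, the following is an added example (not the report's or the sandbox vendor's code) that replays them over constructed host telemetry and also covers the "Executes dropped EXE" and "Unsecured Credentials" entries. The event schema (process_create, reg_query, file_read and file_write records carrying pid/ppid fields), the process IDs and the concrete paths are assumptions made for this example; the registry locations (`Geo\Nation`, `sCountry`) and the FileZilla, Telegram Desktop and Discord directories are well-known storage locations, and the ATT&CK IDs are this example's own mapping of the signature names, not the report's.

```python
"""Added example (not part of the sandbox report): replay the report's
behavioural signatures over constructed host telemetry."""

# Signature name -> indicators. Paths and keys are well-known locations; the
# ATT&CK IDs are this example's mapping, not the report's.
SIGNATURES = {
    "Checks computer location settings": {
        "attack": "T1614",
        "registry": [
            "hkcu\\control panel\\international\\geo\\nation",  # GeoID
            "hkcu\\control panel\\international\\scountry",     # sCountry
        ],
    },
    "Reads data files stored by FTP clients": {
        "attack": "T1552.001",
        "files": ["\\filezilla\\sitemanager.xml", "\\filezilla\\recentservers.xml"],
    },
    "Reads local data of messenger clients": {
        "attack": None,
        "files": ["\\telegram desktop\\tdata\\", "\\discord\\local storage\\leveldb\\"],
    },
}
DROPPED_EXE = "Executes dropped EXE"  # stateful: needs an earlier write by the sample's tree


def _norm_path(p):
    return p.replace("/", "\\").casefold()


def _norm_key(k):
    k = k.replace("HKEY_CURRENT_USER", "HKCU").replace("HKEY_LOCAL_MACHINE", "HKLM")
    return k.casefold()


def match_signatures(events, root_pid):
    """Map each signature name to the indices of the events that trigger it."""
    hits = {name: [] for name in SIGNATURES}
    hits[DROPPED_EXE] = []
    tree = {root_pid}   # pids that belong to the analysed sample's process tree
    written = set()     # paths the tree has written to disk so far
    for i, ev in enumerate(events):
        kind = ev["type"]
        if kind == "process_create":
            if ev["ppid"] in tree:
                tree.add(ev["pid"])
                if _norm_path(ev["image"]) in written:
                    hits[DROPPED_EXE].append(i)
            continue
        if ev["pid"] not in tree:
            continue  # activity of an unrelated process, e.g. FileZilla itself
        if kind == "file_write":
            written.add(_norm_path(ev["path"]))
        elif kind == "reg_query":
            key = _norm_key(ev["key"])
            for name, sig in SIGNATURES.items():
                if key in sig.get("registry", ()):
                    hits[name].append(i)
        elif kind == "file_read":
            path = _norm_path(ev["path"])
            for name, sig in SIGNATURES.items():
                if any(frag in path for frag in sig.get("files", ())):
                    hits[name].append(i)
    return hits


def attack_ids(hits):
    """Sorted ATT&CK IDs of the signatures that fired (where a mapping exists)."""
    return sorted({SIGNATURES[n]["attack"] for n, idx in hits.items()
                   if idx and n in SIGNATURES and SIGNATURES[n]["attack"]})


# Constructed telemetry (hypothetical schema); pid 100 is the analysed sample.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1, "image": "C:\\Users\\u\\Downloads\\Invoice.exe"},
    {"type": "reg_query", "pid": 100, "key": "HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation"},
    {"type": "file_read", "pid": 100, "path": "C:\\Users\\u\\AppData\\Roaming\\FileZilla\\sitemanager.xml"},
    {"type": "file_read", "pid": 100, "path": "C:\\Users\\u\\AppData\\Roaming\\Telegram Desktop\\tdata\\key_datas"},
    {"type": "file_write", "pid": 100, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"},
    {"type": "process_create", "pid": 101, "ppid": 100, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\UPD.EXE"},
    {"type": "file_read", "pid": 200, "path": "C:\\Users\\u\\AppData\\Roaming\\FileZilla\\sitemanager.xml"},
    {"type": "process_create", "pid": 102, "ppid": 101, "image": "C:\\Windows\\System32\\cmd.exe"},
]

if __name__ == "__main__":
    result = match_signatures(SAMPLE_EVENTS, root_pid=100)
    for name, idx in result.items():
        print(f"{name}: events {idx}")
    print("ATT&CK:", attack_ids(result))
```

"Executes dropped EXE" is the only stateful rule: the write and the later process start have to be correlated within the sample's own process tree, which is why the matcher tracks pids instead of judging events in isolation. Event 6, the same FileZilla file read by an unrelated process, is deliberately not flagged: FileZilla reading its own sitemanager.xml is normal, and the signature only means something when the reader is the analysed sample.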

MITRE ATT&CK Enterprise v15

Tasks