General
-
Target
ACGyTGconfig.py.exe
-
Size
17.1MB
-
Sample
241010-apbfwsxfmr
-
MD5
f2a2873add4104e9787799a0b028b64d
-
SHA1
60d3db2a993eb787f8a97556e635f821733b5bf2
-
SHA256
9e5fa4a373fe2252bcad56cfd5c56a86a4fad61c62b3abc96216c35fd5f1c28e
-
SHA512
628671ae3ed0a07e77e4862727b0bf0400716602ba1e91b2b8ce465beb144bc94dcb6ec92b7bb7d6e0adb110a23404a6690a42b57c9a43fec0cfb7421e5f207c
-
SSDEEP
393216:9EkcqxgpgPYVnNSMF1+TtIiFvY9Z8D8Ccl6lqI/o5ysIEwo9aLuzK:9kSgpgPQH1QtI6a8DZcIlqkhkwoxK
Malware Config
Targets
-
-
Target
ACGyTGconfig.py.exe
-
Size
17.1MB
-
MD5
f2a2873add4104e9787799a0b028b64d
-
SHA1
60d3db2a993eb787f8a97556e635f821733b5bf2
-
SHA256
9e5fa4a373fe2252bcad56cfd5c56a86a4fad61c62b3abc96216c35fd5f1c28e
-
SHA512
628671ae3ed0a07e77e4862727b0bf0400716602ba1e91b2b8ce465beb144bc94dcb6ec92b7bb7d6e0adb110a23404a6690a42b57c9a43fec0cfb7421e5f207c
-
SSDEEP
393216:9EkcqxgpgPYVnNSMF1+TtIiFvY9Z8D8Ccl6lqI/o5ysIEwo9aLuzK:9kSgpgPQH1QtI6a8DZcIlqkhkwoxK
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-