General
-
Target
a37456f2d691115c36021bae6b6de841aa41e9e82b4bf7187bf0463fb48b3f12
-
Size
635KB
-
Sample
241014-pknyrazcpm
-
MD5
44350eb3cfef14ba280ea9475284f0af
-
SHA1
3ae86d2af7a4c868580f4c597781f04154cad1a3
-
SHA256
a37456f2d691115c36021bae6b6de841aa41e9e82b4bf7187bf0463fb48b3f12
-
SHA512
3c71ad19c8b441271add079beab79b298ec416f130a769224b517306823afe3500ce6febb0e11f401e6cc2181573c769f30dbfbc3ecfbad75c548989230678ea
-
SSDEEP
12288:8bqgVniwCDO6TT0aKh/9mbjjI/et5E/Z4G70iHsPOqR42u3pslJBmKmDms5YAz:8bqqni6gKh/wjjOeUxd1y42uylJts55
Malware Config
Targets
-
-
Target
Inquir_983723.exe
-
Size
908KB
-
MD5
e15426db0028ada95c7d3828539cdb08
-
SHA1
6c1d97ac3472789bb18b4fed565e97c468243000
-
SHA256
eacafb6f0ee671ceaf6a5c37859c2814aed689b080354fc6581a2faaef687a93
-
SHA512
2328f5f885db220a4d9d073076ab7414c8eb9edebae674ebbdef20e09634907894174ed1efe4b5d25583a303706cc1e372fe58c0c29e3cfd30c50321f13af5e9
-
SSDEEP
12288:KN59USRIGeu/KrEjkmnv0wq+uXhG+4PytLvmINsZ2/glZLD2HjvJSFO01PN5cmJy:KxKGxirE3p8AytLe+dbJSPPw/
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-