General
-
Target
4900fee0c0c64971d22c67a50cab860cf5a384a8ceb0e5a1d42f9eb301d1a1a7N.exe
-
Size
7.6MB
-
Sample
241219-zd7sdsypg1
-
MD5
98e9b94295588f9892a191cbe70f7d50
-
SHA1
e198195317c3b0f20ae52834032a9ec93efa5a78
-
SHA256
4900fee0c0c64971d22c67a50cab860cf5a384a8ceb0e5a1d42f9eb301d1a1a7
-
SHA512
e297d6afd96d89759f1959398c106451b9bfb8bfbfccd58c84c4e6c74cb5158cc34caf75832a19e67c95a9768311c2d90354b5216d69cc2c0e6d869b00893510
-
SSDEEP
196608:b0D+kd8wfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeW1:o5VIHL7HmBYXrYSaUND
Behavioral task
behavioral1
Sample
4900fee0c0c64971d22c67a50cab860cf5a384a8ceb0e5a1d42f9eb301d1a1a7N.exe
Resource
win7-20241010-en
Malware Config
Targets
Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-