General
-
Target
Built.exe
-
Size
8.2MB
-
Sample
250114-c5bspstrcy
-
MD5
2a6f831ae5bf9c87d9ab9e13ea8a44b0
-
SHA1
a65b63ca6492fe87fea30c0692ce12acf8f42c12
-
SHA256
f369b199d697c429062ce6dc0bf92eaa19d0ab4bbd2cd0b090d4b15b28c28eef
-
SHA512
29898248be3591d805be9d4000442c226836518fd580b7ddf9ce7b81433d05928355fdb40f40e3cdbb17362a29241d46ac66c92f7998c32fe9050a1bfbe53049
-
SSDEEP
196608:ADRkdewfI9jUCBB7m+mKOY7rXrZu6SELooDmhfvsbnTNWD:AaLIHL7HmBYXrkRoaUNQ
Malware Config
Targets
-
-
Target
Built.exe
-
Size
8.2MB
-
MD5
2a6f831ae5bf9c87d9ab9e13ea8a44b0
-
SHA1
a65b63ca6492fe87fea30c0692ce12acf8f42c12
-
SHA256
f369b199d697c429062ce6dc0bf92eaa19d0ab4bbd2cd0b090d4b15b28c28eef
-
SHA512
29898248be3591d805be9d4000442c226836518fd580b7ddf9ce7b81433d05928355fdb40f40e3cdbb17362a29241d46ac66c92f7998c32fe9050a1bfbe53049
-
SSDEEP
196608:ADRkdewfI9jUCBB7m+mKOY7rXrZu6SELooDmhfvsbnTNWD:AaLIHL7HmBYXrkRoaUNQ
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
T��'$�%.pyc
-
Size
1KB
-
MD5
26a942d27ffbe16e1635d20e4b57988e
-
SHA1
3d65664bfa2aeb95532b4474ceae44e9bcfb154f
-
SHA256
c20d845d5fdee7508664f6c0593419b3a54a68a940a011e4412ae7cb1464b05c
-
SHA512
812bf931c105161e44350b667ab0c637cc64eaf93d2188358783b6c1cfff1ecd8c2d08a4d8b5dc352535447ad6021424542704257eed95aa23bc909fcc99af64
Score1/10 -