General
-
Target
RadScript-LMT.exe
-
Size
19.1MB
-
Sample
240704-kcsvhsvbqh
-
MD5
25cfe3f6f6b47138bfa5355390c6ffa8
-
SHA1
cdd13d7c9357617c0ee33fffc808e6d8fc0b36e5
-
SHA256
3861d7fe3442f5655f97538efeb8e275e0b4f5073d278ebd6ed0c1402f664f63
-
SHA512
a83056c0564bbedb5d99d7cee67f5f192170505c67dc73f87b1621b742b40b7487c831d6cae9ff1fd6b68ebf782770abf36a652f1e51bfc39c3b38c9739a740d
-
SSDEEP
393216:kqPnLFXlrFWmQ6DOETgsvfGFNgw91rvO4Enz8BHxT7m:FPLFXNFRQrEYvqL8BHA
Malware Config
Targets
-
-
Target
RadScript-LMT.exe
-
Size
19.1MB
-
MD5
25cfe3f6f6b47138bfa5355390c6ffa8
-
SHA1
cdd13d7c9357617c0ee33fffc808e6d8fc0b36e5
-
SHA256
3861d7fe3442f5655f97538efeb8e275e0b4f5073d278ebd6ed0c1402f664f63
-
SHA512
a83056c0564bbedb5d99d7cee67f5f192170505c67dc73f87b1621b742b40b7487c831d6cae9ff1fd6b68ebf782770abf36a652f1e51bfc39c3b38c9739a740d
-
SSDEEP
393216:kqPnLFXlrFWmQ6DOETgsvfGFNgw91rvO4Enz8BHxT7m:FPLFXNFRQrEYvqL8BHA
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-