The submitted file A&P.exe was identified as a variant of the Macoute infostealing worm. Macoute is used to collect information from a compromised system and send it to a C2 server.

Macoute collects the following types of information:

- System information
- User name
- Computer name
- Volume information
- Windows product key
- Firefox credentials
- Windows Live credentials
- Internet Explorer cached URLs
- Screen captures
- Keystroke data

Macoute is capable of scanning for attached removable storage devices and copying itself to removable storage devices in order to propagate to other computers.

Threat Type: Infostealer
Threat Group: N/A

Sample Indicators of Compromise:
c:/program files (x86)/win/msn.exe
9a6ad96ad1ede099be4f61cc6564cdb8b121ac2b3ef0a67e478cb911a41a7364