General
Target: TT SLIP.exe
Size: 621KB
Sample: 200707-wv2csv8sjj
MD5: 9be7ccf2784692c34f0a23ee1c6cdf96
SHA1: 50893829429e45ae306e74499339fb4e71356bf6
SHA256: 1783a9996138d2b199496d53340e7a68f0f265af553a4caabaaf5fe1ada46e3c
SHA512: 8be8a31b093a0b5063c861233c92c6b8caac37ccdb7b3198e597cceeb720edd06dd818231d46af0effc987bd0b22048b58abcf2ca95ad3df7708a5d896cc6b7e

Static task: static1
Behavioral task: behavioral1 (Sample: TT SLIP.exe, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: TT SLIP.exe, Resource: win10)
Malware Config
Targets
Target: TT SLIP.exe (621KB; SHA256 1783a9996138d2b199496d53340e7a68f0f265af553a4caabaaf5fe1ada46e3c; MD5, SHA1 and SHA512 as listed under General above)
Score: 8/10
Signatures
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store user data (account settings, cached credentials) on disk, where infostealers commonly target it.
- Reads user/profile data of web browsers
  Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.
- Adds Run entry to start application
  A value under a Run registry key is a common persistence mechanism: the referenced program is started at each logon.
- Suspicious use of SetThreadContext
  Setting another thread's context is a step in process hollowing and thread-hijacking injection, where a payload is run inside a legitimate-looking host process.
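The behaviours flagged above are what a host-based detection would look for after the fact. The following is an added example, not part of the sandbox report or of the sandbox's own signature engine: it runs simple rules for those signatures over a constructed, Sysmon-like event stream. The field names (`type`, `image`, `target`, `sha256`), the allowlist of profile-owning programs, the dropped file names and the sample events are assumptions made for this example; the SHA256 is the one from the report. SetThreadContext is an API-trace signature and is not visible in this kind of telemetry, so it is not covered.

```python
"""Host-side rules for the sandbox signatures above.

Added example, not part of the sandbox report or of the sandbox's own
signature engine. Events are a constructed, Sysmon-like stream of dicts;
the field names (type, image, target, sha256), the allowlist and the
sample events at the bottom are assumptions made for this example.
"""
import re
from collections import defaultdict

# SHA256 of the analysed file, taken from the report above.
KNOWN_SHA256 = {
    "1783a9996138d2b199496d53340e7a68f0f265af553a4caabaaf5fe1ada46e3c",
}

# Registry locations whose values start a program at logon ("Adds Run entry").
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)

# Profile directories of browsers and mail clients that infostealers read.
PROFILE_DIR_RE = re.compile(
    r"\\AppData\\(Local\\Google\\Chrome\\User Data"
    r"|Roaming\\Mozilla\\Firefox\\Profiles"
    r"|Roaming\\Thunderbird\\Profiles"
    r"|Local\\Microsoft\\Outlook)\\",
    re.IGNORECASE,
)
# Programs that legitimately read those directories (assumed allowlist).
PROFILE_OWNERS = {"chrome.exe", "firefox.exe", "thunderbird.exe", "outlook.exe"}


def basename(path):
    """Last path component, lower-cased, for comparing image names."""
    return path.rsplit("\\", 1)[-1].lower()


def analyse(events):
    """Return sorted, de-duplicated (signature, process image, detail) hits."""
    hits = set()
    dropped = defaultdict(set)  # writer image -> lower-cased paths it created

    for e in events:
        kind, image = e["type"], e["image"]
        if kind == "file_create":
            dropped[image].add(e["target"].lower())
        elif kind == "process_create":
            if e.get("sha256", "").lower() in KNOWN_SHA256:
                hits.add(("Known sample hash", image, e["sha256"]))
            # "Executes dropped EXE": the new process image was written
            # earlier in this stream by some other process.
            for writer, files in dropped.items():
                if image.lower() in files:
                    hits.add(("Executes dropped EXE", writer, image))
        elif kind == "image_load":
            # "Loads dropped DLL": a DLL written earlier in the stream is mapped.
            target = e["target"].lower()
            if target.endswith(".dll") and any(target in f for f in dropped.values()):
                hits.add(("Loads dropped DLL", image, e["target"]))
        elif kind == "registry_set":
            if RUN_KEY_RE.search(e["target"]):
                hits.add(("Adds Run entry", image, e["target"]))
        elif kind == "file_read":
            # Profile data read by something other than the owning client.
            if PROFILE_DIR_RE.search(e["target"]) and basename(image) not in PROFILE_OWNERS:
                hits.add(("Reads browser/email profile data", image, e["target"]))
    return sorted(hits)


# Constructed telemetry, not captured from the sample; names are assumed.
SAMPLE = "C:\\Users\\victim\\Downloads\\TT SLIP.exe"
DROPPED_EXE = "C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe"
DROPPED_DLL = "C:\\Users\\victim\\AppData\\Local\\Temp\\helper.dll"
CHROME_DB = "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
TB_DB = "C:\\Users\\victim\\AppData\\Roaming\\Thunderbird\\Profiles\\x.default\\key4.db"

SAMPLE_EVENTS = [
    {"type": "process_create", "image": SAMPLE, "sha256": next(iter(KNOWN_SHA256))},
    {"type": "file_create", "image": SAMPLE, "target": DROPPED_EXE},
    {"type": "file_create", "image": SAMPLE, "target": DROPPED_DLL},
    {"type": "process_create", "image": DROPPED_EXE, "sha256": "00" * 32},
    {"type": "image_load", "image": DROPPED_EXE, "target": DROPPED_DLL},
    {"type": "registry_set", "image": DROPPED_EXE,
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
    {"type": "file_read", "image": DROPPED_EXE, "target": CHROME_DB},
    {"type": "file_read", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "target": CHROME_DB},  # the browser reading its own data: allowlisted
    {"type": "file_read", "image": DROPPED_EXE, "target": TB_DB},
]

if __name__ == "__main__":
    for sig, image, detail in analyse(SAMPLE_EVENTS):
        print(f"{sig:34} {image}\n{'':34} -> {detail}")
```

The dropped-file rules are order-dependent on purpose: a process image or DLL only counts as "dropped" if a file_create for the same path appeared earlier in the stream, which is the same temporal reasoning the sandbox applies. The profile-read rule needs an allowlist because the browser and mail clients read those files constantly; tune PROFILE_OWNERS and PROFILE_DIR_RE to the software actually deployed.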