General
Target: 1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c
Size: 27KB
Sample: 200708-95zdmv32xs
MD5: 4ae2e5156253fbeed2c6f13a066c98a1
SHA1: db318de72c2cdda1822999441d23b91e933a772b
SHA256: 1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c
SHA512: c00c1c47e4cffaa3078885bbca42e6663bb478ec33b5b742c752412b204af55bf94008868264d0b03279339017732330e64c52d3b20f55e347194f65f2147be2
Static task: static1
Behavioral task: behavioral1
Sample: 1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
Resource: win7
Behavioral task: behavioral2
Sample: 1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
Resource: win10v200430
Malware Config
Extracted: C:\How_To_Restore_Your_Files.txt
http://coindesk.com/information/how-can-i-buy-bitcoins
Extracted: C:\Users\Admin\Desktop\info.hta
Extracted: C:\How_To_Restore_Your_Files.txt
http://coindesk.com/information/how-can-i-buy-bitcoins
Targets
Target: 1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c
Size: 27KB
MD5: 4ae2e5156253fbeed2c6f13a066c98a1
SHA1: db318de72c2cdda1822999441d23b91e933a772b
SHA256: 1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c
SHA512: c00c1c47e4cffaa3078885bbca42e6663bb478ec33b5b742c752412b204af55bf94008868264d0b03279339017732330e64c52d3b20f55e347194f65f2147be2
Score: 10/10
Signatures:
- Deletes itself
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.
- Adds Run entry to start application
- Drops desktop.ini file(s)