General
- Target: 167a1s0ssssd7da.exe
- Size: 717KB
- Sample: 200709-c8b66t5den
- MD5: 1e62148d865a96d50b93185bc61ad335
- SHA1: e3d4d55d2d92e594cee2e1f11779935957521a53
- SHA256: 0837d362bdddd62f2ecafa411a7b97715dda386a5cdf7723d686687b9a1c776c
- SHA512: 931caefe454c45cd7f07ce71125b3fd101207c2034370a69ebb1d66208cdff580d49a7041eee9a91f64766003dae99cc423d1312109bdefe5de3bec85755f280
Static task: static1
Behavioral task: behavioral1
- Sample: 167a1s0ssssd7da.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: 167a1s0ssssd7da.exe
- Resource: win10v200430
Malware Config
Extracted from C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Read_Me.txt:
- http://7rzpyw3hflwe2c7h.onion/?LLLLLLLL
- http://helpqvrg3cc5mvb3.onion/
Extracted from \??\M:\Read_Me.txt:
- http://7rzpyw3hflwe2c7h.onion/?ZRSUVXZA
- http://helpqvrg3cc5mvb3.onion/
Targets
- Target: 167a1s0ssssd7da.exe
- Size: 717KB
- MD5: 1e62148d865a96d50b93185bc61ad335
- SHA1: e3d4d55d2d92e594cee2e1f11779935957521a53
- SHA256: 0837d362bdddd62f2ecafa411a7b97715dda386a5cdf7723d686687b9a1c776c
- SHA512: 931caefe454c45cd7f07ce71125b3fd101207c2034370a69ebb1d66208cdff580d49a7041eee9a91f64766003dae99cc423d1312109bdefe5de3bec85755f280
Score: 10/10
- Modifies Installed Components in the registry
- Drops startup file
- Reads user/profile data of web browsers (info-stealers often target stored browser data, which can include saved credentials and other sensitive information)
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies service
- Suspicious use of SetThreadContext