General

Target: Atikus9Bumpers.exe
Size: 278.1MB
Sample: 200709-jpfkz3h3le
MD5: c8e4fd178e3816a8507efd185f8f3b26
SHA1: b20226115f0d6330182b7ae9bdbfdb3855de6641
SHA256: 69f40b23e0605683899e5df5d843266665790fce6c7e61fc84c7c85f53313dfa
SHA512: 4e31091d35cd593531917c611d284907e43e473800464c22937443a5649d84de9b47fa6d33d06e6fdfb6ae177d5f10c6ead73fa42f10d8186037ec5096e60ff3
Static task: static1

Behavioral task: behavioral1
Sample: Atikus9Bumpers.exe
Resource: win7

Behavioral task: behavioral2
Sample: Atikus9Bumpers.exe
Resource: win10v200430
Malware Config

Targets

Target: Atikus9Bumpers.exe
Size: 278.1MB
MD5: c8e4fd178e3816a8507efd185f8f3b26
SHA1: b20226115f0d6330182b7ae9bdbfdb3855de6641
SHA256: 69f40b23e0605683899e5df5d843266665790fce6c7e61fc84c7c85f53313dfa
SHA512: 4e31091d35cd593531917c611d284907e43e473800464c22937443a5649d84de9b47fa6d33d06e6fdfb6ae177d5f10c6ead73fa42f10d8186037ec5096e60ff3
Score: 8/10
- Modifies WinLogon to allow AutoLogon
  Lets the machine reboot and log back in without anyone entering credentials, so whatever the sample installed keeps running across restarts with no user interaction.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and form autofill entries.
- Enumerates connected drives
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to learn the infected system's external IP address.
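A host-side triage script for the findings above, added here as an example; it is not part of the sandbox report and not code from the sample. It checks a local copy of the file against the report's SHA256, then inspects the two persistence locations the signatures point at. It assumes the auto-logon signature refers to the standard Winlogon AutoAdminLogon / DefaultUserName / DefaultPassword values and that the dropped startup file lands in a Run key or a Startup folder; the report names neither, so treat both as assumptions. The sample path is a placeholder.

```powershell
# Added triage example, not part of the sandbox report.
# Assumption: "Modifies WinLogon to allow AutoLogon" means the standard Winlogon
# auto-logon values; "Drops startup file" means a Run key or Startup folder entry.
param(
    [string]$SamplePath = '.\Atikus9Bumpers.exe'   # placeholder path
)

# SHA256 taken from the report's General section
$ReportSha256 = '69f40b23e0605683899e5df5d843266665790fce6c7e61fc84c7c85f53313dfa'

function Test-ReportHash {
    param([string]$Path, [string]$Expected)
    # Returns $null when the file is absent, otherwise whether the hash matches
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return ($actual.ToLowerInvariant() -eq $Expected.ToLowerInvariant())
}

function Get-WinlogonAutoLogon {
    # Standard auto-logon values; a populated DefaultPassword is the classic footprint
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AutoAdminLogon     = $p.AutoAdminLogon
        DefaultUserName    = $p.DefaultUserName
        DefaultDomainName  = $p.DefaultDomainName
        HasDefaultPassword = [bool]$p.DefaultPassword
    }
}

function Get-StartupArtifacts {
    # Run/RunOnce keys for both machine and current user
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $runKeys) {
        $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($p) {
            # Drop the provider metadata (PSPath, PSDrive, ...) and keep real values
            $p.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object {
                    [pscustomobject]@{ Location = $k; Name = $_.Name; Value = $_.Value }
                }
        }
    }
    # Per-user and all-users Startup folders
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($f in $folders) {
        Get-ChildItem -LiteralPath $f -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Location = $f; Name = $_.Name; Value = $_.FullName }
            }
    }
}

"Sample hash matches report: $(Test-ReportHash -Path $SamplePath -Expected $ReportSha256)"
"Winlogon auto-logon settings:"
Get-WinlogonAutoLogon | Format-List
"Startup persistence entries:"
Get-StartupArtifacts | Format-Table -AutoSize
```

Run it from an elevated PowerShell on the suspect host. An `AutoAdminLogon` of `1` together with a non-empty `DefaultPassword` is the condition the first signature describes; any Run key or Startup folder entry pointing at a recently written binary is the candidate for the dropped startup file. The report does not say which IP lookup service was contacted, so that finding is left to proxy or DNS logs rather than guessed here.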