General
-
Target
703a1s0ssssd7da.exe
-
Size
717KB
-
Sample
200709-jx6g2egsna
-
MD5
83f6e8129fd4917311956264f46971f0
-
SHA1
183757c527e8f213be0c1397f40b6cd3979c854c
-
SHA256
a7add0057b62fd19144486d1933b3a68331aebab989192d3f32e5c85f07b8590
-
SHA512
1a31f54a50f6d09765ca1be1c39ac1d6a200e8564926155eab7249407e48029aba312976ccc09328679cf9b0629f7af0448af98ecea6ee0c3c68fc24905bb7d8
Static task
static1
Behavioral task
behavioral1
Sample
703a1s0ssssd7da.exe
Resource
win7
Behavioral task
behavioral2
Sample
703a1s0ssssd7da.exe
Resource
win10v200430
Malware Config
Extracted
\??\M:\Boot\cs-CZ\Read_Me.txt
http://7rzpyw3hflwe2c7h.onion/?FFFFFFFF
http://helpqvrg3cc5mvb3.onion/
Extracted
\??\M:\Read_Me.txt
http://7rzpyw3hflwe2c7h.onion/?XOQRTVWY
http://helpqvrg3cc5mvb3.onion/
Targets
-
-
Target
703a1s0ssssd7da.exe
-
Size
717KB
-
MD5
83f6e8129fd4917311956264f46971f0
-
SHA1
183757c527e8f213be0c1397f40b6cd3979c854c
-
SHA256
a7add0057b62fd19144486d1933b3a68331aebab989192d3f32e5c85f07b8590
-
SHA512
1a31f54a50f6d09765ca1be1c39ac1d6a200e8564926155eab7249407e48029aba312976ccc09328679cf9b0629f7af0448af98ecea6ee0c3c68fc24905bb7d8
Score10/10-
Modifies Installed Components in the registry
-
Registers COM server for autorun
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
-
Modifies service
-
Suspicious use of SetThreadContext
-