General
Target: DvnH2.exe
Size: 847KB
Sample: 200709-lh6m9hh66n
MD5: bc23e4cf90c63d9a84eb905e6ec82f82
SHA1: b82df977fcc19b730ac2cdacec7d3b93617c57ed
SHA256: 0396da4728728701d82bea35844941b36b6ff001bd4a46b3e3f45d5143205b16
SHA512: 01007caceb1e777b55d3118f7cb21117f2ca17b4caf211108b90de705c490c472df859da2802d015329b856d1be303bff6f73a624cb720682cea3f1cd0dcddd4
Static task: static1
Behavioral task: behavioral1 (Sample: DvnH2.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: DvnH2.exe, Resource: win10v200430)
Malware Config
Targets
Target
DvnH2.exe
- Adds Run entry to policy start application
- Blacklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Drops file in System32 directory
- Suspicious use of SetThreadContext