General
Target: 568a1s0ssssd7da.exe
Size: 717KB
Sample: 200709-pr4abt2kh2
MD5: 694515cebc637b78ef56b8f23c60b9a3
SHA1: 266db1b85eebf7b3b0128ddbfcea85e3c428c12b
SHA256: 1ae52558dadc5c5b388c0a64b6e54ead3280540b5a1db2d90f20d960257004dd
SHA512: baad45d41b5b6c50803bcb09221aa21316295f0ad1db009167c03070a4e600c0554d43904ff67150662860d1ce080029ecdaa96b006d0c5d56560bb417d35442
Static task: static1
Behavioral task: behavioral1 (Sample: 568a1s0ssssd7da.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: 568a1s0ssssd7da.exe, Resource: win10v200430)
Malware Config
Extracted from C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Read_Me.txt:
http://7rzpyw3hflwe2c7h.onion/?VVVVVVVV
http://helpqvrg3cc5mvb3.onion/
Extracted from C:\Boot\bg-BG\Read_Me.txt:
http://7rzpyw3hflwe2c7h.onion/?IABDFGIJ
http://helpqvrg3cc5mvb3.onion/
Targets
Target: 568a1s0ssssd7da.exe
Score: 10/10
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers (infostealers often target stored browser data, which can include saved credentials etc.)
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies service
- Suspicious use of SetThreadContext