General
Target: 6a1s0ssssd7da.exe
Size: 717KB
Sample: 200709-yb76l9hh5x
MD5: ae1941234e5d7a3402e5f10432b2cf44
SHA1: 7b817fa8a163e3450d7122c6fc7ad92e93000986
SHA256: d4d432c94d69e9a57f473c042f53abc181aa8919981206a3714201f429c19b44
SHA512: 2a19cfc3a6d8c612bcb90c95bc21ee9dea18f4d3d9e66c89cff342d377107e44263a63c074a2e418a2ea617518f74f3a09f6a971b8126777fce30bbc68d52be7
Static task: static1
Behavioral task: behavioral1 (sample 6a1s0ssssd7da.exe, resource win7)
Behavioral task: behavioral2 (sample 6a1s0ssssd7da.exe, resource win10)
Malware Config
Extracted from \??\M:\Boot\cs-CZ\Read_Me.txt (a dropped Read_Me.txt note carrying Tor contact URLs; the \??\ prefix is the NT object-manager form of the M:\ path, i.e. the note was written to a non-system drive):
http://7rzpyw3hflwe2c7h.onion/?VVVVVVVV
http://helpqvrg3cc5mvb3.onion/
Extracted from C:\Boot\bg-BG\Read_Me.txt:
http://7rzpyw3hflwe2c7h.onion/?HYABDFGI
http://helpqvrg3cc5mvb3.onion/
Both notes reference the same two Tor hidden services; only the query string on the first URL differs between notes (?VVVVVVVV vs ?HYABDFGI), so hunt on the .onion hostnames rather than on the full URL.
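The check a responder would want from this report is a hunt for the artifacts it lists: files matching the sample's hashes and Read_Me.txt notes that reference the two .onion hosts. The Python below is an added example, not part of the sandbox report or of any tool the report was produced by. The hashes and hostnames are the ones listed in this report; the directory tree, file names and note text it builds under a temporary directory are constructed test data.

```python
"""Hunt for the artifacts listed in this sandbox report.

Added example, not part of the report. Looks for (a) files whose
MD5/SHA1/SHA256 match the sample and (b) Read_Me.txt notes that
reference the report's .onion hostnames. The demo tree is constructed.
"""
import hashlib
import os
import re
import tempfile

# Digests copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "ae1941234e5d7a3402e5f10432b2cf44",
    "sha1": "7b817fa8a163e3450d7122c6fc7ad92e93000986",
    "sha256": "d4d432c94d69e9a57f473c042f53abc181aa8919981206a3714201f429c19b44",
}

# Tor hostnames extracted from the dropped Read_Me.txt notes.
ONION_HOSTS = {"7rzpyw3hflwe2c7h.onion", "helpqvrg3cc5mvb3.onion"}
NOTE_NAME = "read_me.txt"
# v2 (16 chars) and v3 (56 chars) onion addresses, base32 alphabet.
ONION_RE = re.compile(r"\b(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion\b", re.IGNORECASE)


def hash_file(path, chunk=1 << 20):
    """Return {"md5", "sha1", "sha256"} hex digests, streamed in 1 MiB chunks."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_sample(path):
    """True only if all three digests equal the report's values."""
    return hash_file(path) == SAMPLE_HASHES


def onion_hosts_in(path):
    """Lower-cased set of .onion hostnames found in a text file."""
    with open(path, "rb") as fh:
        text = fh.read().decode("utf-8", errors="replace")
    return {m.group(0).lower() for m in ONION_RE.finditer(text)}


def hunt(root):
    """Walk root and collect note paths (known hosts) and sample hash hits."""
    hits = {"notes": [], "samples": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME and onion_hosts_in(full) & ONION_HOSTS:
                hits["notes"].append(full)
            elif name.lower().endswith(".exe") and matches_sample(full):
                hits["samples"].append(full)
    return hits


def write_bytes(root, name, data):
    """Write data to root/name and return the full path (helper for the demo)."""
    path = os.path.join(root, name)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo_tree():
    """Constructed directory: one note mirroring the report's C:\\Boot\\bg-BG drop, one benign file."""
    root = tempfile.mkdtemp(prefix="hunt-")
    # Constructed note body around the URLs the report extracted.
    write_bytes(root, os.path.join("Boot", "bg-BG", "Read_Me.txt"),
                b"Your files are encrypted.\n"
                b"http://7rzpyw3hflwe2c7h.onion/?HYABDFGI\n"
                b"http://helpqvrg3cc5mvb3.onion/\n")
    write_bytes(root, "notes.txt", b"nothing to see here\n")
    return root


if __name__ == "__main__":
    print(hunt(demo_tree()))
```

Matching on the hostname rather than the full URL is deliberate: the query string differs between the two notes in this report, so a full-URL indicator would miss notes on other hosts.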
Targets
Target: 6a1s0ssssd7da.exe (717KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Modifies Installed Components in the registry (the Active Setup key, a persistence location whose StubPath commands run at user logon)
- Drops startup file
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Drops desktop.ini file(s)
- Enumerates connected drives (consistent with the Read_Me.txt note written to the M:\ drive in the Malware Config section)
- Modifies service
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and other thread-hijacking injection; the report does not say which process was targeted)