General
-
Target
SecuriteInfo.com.Win32.Heri.26282.24061
-
Size
375KB
-
Sample
200711-syt8n3gj2s
-
MD5
ee742e9dfe68e5f4633d4d2ef3fce549
-
SHA1
268ac787a5186a5e1be68f84efad6092d05fee9e
-
SHA256
2d1f82ffe2e3ab1a52e3b34e54126ca063cb8b84424138d77338c106950c22ec
-
SHA512
d3e70fe3c0e14ccac8636e4614ead7473e69427a072c8a4634514747b6bf92bf58b474d6af2c5613df8c2a1496e6a6fbc555d2427730972cf168f37a97d5aaec
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.Heri.26282.24061.exe
Resource
win7
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.Heri.26282.24061.exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win32.Heri.26282.24061
-
Size
375KB
-
MD5
ee742e9dfe68e5f4633d4d2ef3fce549
-
SHA1
268ac787a5186a5e1be68f84efad6092d05fee9e
-
SHA256
2d1f82ffe2e3ab1a52e3b34e54126ca063cb8b84424138d77338c106950c22ec
-
SHA512
d3e70fe3c0e14ccac8636e4614ead7473e69427a072c8a4634514747b6bf92bf58b474d6af2c5613df8c2a1496e6a6fbc555d2427730972cf168f37a97d5aaec
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-