General
Target: de693a0ae0b1cdefbe778a8d8af1cd9d.exe
Size: 717KB
Sample: 200712-4yyjkgb82a
MD5: de693a0ae0b1cdefbe778a8d8af1cd9d
SHA1: bc7fd9e2066415a9939d25c0c9ea2ee29176726a
SHA256: 6dc5dc06eba82eb3dbfc51c48f44a0b6bc519d2432d357cb84d65cf7b9b4e763
SHA512: a82b2dc6aa9b48346c8747db22153249f18c76e45ddbd503144cae6853cb5d7c839839521dc83a6046a9b5e04b1ff81ab46aa7f9d1101a11b5eead6d6c4bba4d
Static task: static1
Behavioral task: behavioral1
- Sample: de693a0ae0b1cdefbe778a8d8af1cd9d.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: de693a0ae0b1cdefbe778a8d8af1cd9d.exe
- Resource: win10
Malware Config
Extracted from: C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Read_Me.txt
- http://7rzpyw3hflwe2c7h.onion/?FFFFFFFF
- http://helpqvrg3cc5mvb3.onion/
Extracted from: C:\Boot\bg-BG\Read_Me.txt
- http://7rzpyw3hflwe2c7h.onion/?FWYZBDEG
- http://helpqvrg3cc5mvb3.onion/
Targets
Target: de693a0ae0b1cdefbe778a8d8af1cd9d.exe
Size: 717KB
MD5: de693a0ae0b1cdefbe778a8d8af1cd9d
SHA1: bc7fd9e2066415a9939d25c0c9ea2ee29176726a
SHA256: 6dc5dc06eba82eb3dbfc51c48f44a0b6bc519d2432d357cb84d65cf7b9b4e763
SHA512: a82b2dc6aa9b48346c8747db22153249f18c76e45ddbd503144cae6853cb5d7c839839521dc83a6046a9b5e04b1ff81ab46aa7f9d1101a11b5eead6d6c4bba4d
Score: 10/10
Signatures
- Modifies Installed Components in the registry
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies service
- Suspicious use of SetThreadContext