General
Target: XINOF.exe
Size: 561KB
Sample: 200712-55dcwcmw3n
MD5: ff23cd4f45d231f8af9f23a2e730bee6
SHA1: 0eea13dc19ab5de9ec7ffd81ef89bddf5994f6ef
SHA256: 4ce5dda2c3d39cc6c22058add4b64fbedc20f11ba06768b0a3b959f20c88f5fa
SHA512: 78c90354ca919c7bdce56034b1a432e7c3a0860b9faf9d351f74c50c3a8521c343a29d5c9c8babbedcc741acdc4138dc6e3cdc2c8e337f97ed5b99cf583102e8
Static task: static1
Behavioral task: behavioral1
Sample: XINOF.exe
Resource: win7
Behavioral task: behavioral2
Sample: XINOF.exe
Resource: win10v200430
Malware Config
Targets
Target: XINOF.exe
Score: 8/10
Disables Task Manager via registry modification
Drops startup file
Modifies file permissions
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run entry to start application
Drops desktop.ini file(s)