General
Target: 62a107
Size: 156KB
Sample: 200713-1gfknc8nwa
MD5: ddb0136ad007d0b77ca903688776dbc6
SHA1: f3d9ca6d33be62b382b3ed2446b733938cac5245
SHA256: 5852518bca655111976a3d44d8418dac0fcdf45338a5a00e66a9e9d4d2dd6122
SHA512: 088b2d10929c834f2b52016bb6df50b4eabc2cca4699fc052bf1113c6285946e72a53c69ac466221febef595e83f433117dd462746d0cd0f6645807b0a708b78
Static task: static1
Behavioral task: behavioral1 (sample 62a107.exe, resource win7)
Behavioral task: behavioral2 (sample 62a107.exe, resource win10v200430)
Malware Config
Extracted from: C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Read_Me.txt
URLs:
- http://7rzpyw3hflwe2c7h.onion/?QQQQQQQQ
- http://helpqvrg3cc5mvb3.onion/
Targets
Target: 62a107
Size: 156KB
MD5: ddb0136ad007d0b77ca903688776dbc6
SHA1: f3d9ca6d33be62b382b3ed2446b733938cac5245
SHA256: 5852518bca655111976a3d44d8418dac0fcdf45338a5a00e66a9e9d4d2dd6122
SHA512: 088b2d10929c834f2b52016bb6df50b4eabc2cca4699fc052bf1113c6285946e72a53c69ac466221febef595e83f433117dd462746d0cd0f6645807b0a708b78
Score: 10/10
Behaviors:
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies service
- Suspicious use of SetThreadContext