General
-
Target
2929a107.exe
-
Size
156KB
-
Sample
200713-68jalelat6
-
MD5
16c0db7429d6dc0e88fc5cc50863ad88
-
SHA1
c0259e1e3a715c34cd7b6bb678dd4ed34decfc71
-
SHA256
d32e0d534634c106e906ffb62e5485bca9ee6023eafc3acf6777f1c48d9f8952
-
SHA512
a073a343c2ac19d3223d73b841cfd079dc3f33a56e654ea9c34d0c4836678363421b4b04f480c58af38edf9a7211481509cc676e0881a6687c05823061bb5b84
Static task
static1
Behavioral task
behavioral1
Sample
2929a107.exe
Resource
win7
Behavioral task
behavioral2
Sample
2929a107.exe
Resource
win10v200430
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Read_Me.txt
http://7rzpyw3hflwe2c7h.onion/?QQQQQQQQ
http://helpqvrg3cc5mvb3.onion/
Targets
-
-
Target
2929a107.exe
-
Size
156KB
-
MD5
16c0db7429d6dc0e88fc5cc50863ad88
-
SHA1
c0259e1e3a715c34cd7b6bb678dd4ed34decfc71
-
SHA256
d32e0d534634c106e906ffb62e5485bca9ee6023eafc3acf6777f1c48d9f8952
-
SHA512
a073a343c2ac19d3223d73b841cfd079dc3f33a56e654ea9c34d0c4836678363421b4b04f480c58af38edf9a7211481509cc676e0881a6687c05823061bb5b84
Score10/10-
Modifies Installed Components in the registry
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
-
Modifies service
-
Suspicious use of SetThreadContext
-