General

Target: 895vv53.exe
Size: 156KB
Sample: 200713-capbkejmcs
MD5: b2db5eaaf79d25dcc3673294d6e1c927
SHA1: 50ee9391673600390cd63c0935013aa2b571a47c
SHA256: 77ed644af65306cd4cea3eddf6019e5626fe16cbbd0f8c49d76dd21e9683ae5f
SHA512: 9fe8c3ad8e8637798429549c3b02f6ae1aa9290a31d5d45f213c6a05923ac53cd9ad43a1c2aea05cb4ee1af4ad0090ee3f558b50659e0b8688e3a540c9f53f7a
Static task: static1

Behavioral task: behavioral1
  Sample: 895vv53.exe
  Resource: win7

Behavioral task: behavioral2
  Sample: 895vv53.exe
  Resource: win10v200430
Malware Config

Extracted
  Path: C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Read_Me.txt
  URLs:
    http://7rzpyw3hflwe2c7h.onion/?AAAAAAAA
    http://helpqvrg3cc5mvb3.onion/
Targets

Target: 895vv53.exe
Size: 156KB
MD5: b2db5eaaf79d25dcc3673294d6e1c927
SHA1: 50ee9391673600390cd63c0935013aa2b571a47c
SHA256: 77ed644af65306cd4cea3eddf6019e5626fe16cbbd0f8c49d76dd21e9683ae5f
SHA512: 9fe8c3ad8e8637798429549c3b02f6ae1aa9290a31d5d45f213c6a05923ac53cd9ad43a1c2aea05cb4ee1af4ad0090ee3f558b50659e0b8688e3a540c9f53f7a
Score: 10/10
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies service
- Suspicious use of SetThreadContext