General
Target: 2685a107.exe
Size: 156KB
Sample: 200713-qc4my4nmve
MD5: 876b6d3054b3cf1170e562b02f503533
SHA1: ee67672d0fdc6c23f340acbbff2fd5d74a73efae
SHA256: 1c1716ebfb19251b6a0970761943941ed1e120882029bfb4c2cea881d54e6ac7
SHA512: de46440e35ea31fa329e74a9726060212d7ffb49f25f4ace449dfa35b67dd49852ee83736644512700cc44a622514c7f105fc7bfac464e18bb136c782bbe8d23
Static task: static1
Behavioral task: behavioral1 (sample 2685a107.exe, resource win7)
Behavioral task: behavioral2 (sample 2685a107.exe, resource win10v200430)
Malware Config
Extracted from: \??\M:\Boot\cs-CZ\Read_Me.txt
URLs:
- http://7rzpyw3hflwe2c7h.onion/?FFFFFFFF
- http://helpqvrg3cc5mvb3.onion/
Targets
Target: 2685a107.exe
Score: 10/10
- Modifies Installed Components in the registry
- Drops startup file
- Reads user/profile data of web browsers (infostealers often target stored browser data, which can include saved credentials and other sensitive information)
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies service
- Suspicious use of SetThreadContext