General
-
Target
401vv53.exe
-
Size
156KB
-
Sample
200713-ranxqklxnj
-
MD5
347b7f72594a3ca032e578cd191c018e
-
SHA1
2bbc36e17066b640d34fbe6e3e52a10f78dbc6aa
-
SHA256
63b62266bd430cd093c6ee885cbe42c303536dcf223d2157188820b729f29abd
-
SHA512
cc205391bc7fda31076008b7a77609832c28b0c875625dbfcec036f6b8015bee1817f9b4c2f531131b299f7c4f5bedaa76430c4df3870b0fa15e2b6d7b6435a1
Static task
static1
Behavioral task
behavioral1
Sample
401vv53.exe
Resource
win7
Behavioral task
behavioral2
Sample
401vv53.exe
Resource
win10v200430
Malware Config
Extracted
\??\M:\Boot\cs-CZ\Read_Me.txt
http://7rzpyw3hflwe2c7h.onion/?LLLLLLLL
http://helpqvrg3cc5mvb3.onion/
Targets
-
-
Target
401vv53.exe
-
Size
156KB
-
MD5
347b7f72594a3ca032e578cd191c018e
-
SHA1
2bbc36e17066b640d34fbe6e3e52a10f78dbc6aa
-
SHA256
63b62266bd430cd093c6ee885cbe42c303536dcf223d2157188820b729f29abd
-
SHA512
cc205391bc7fda31076008b7a77609832c28b0c875625dbfcec036f6b8015bee1817f9b4c2f531131b299f7c4f5bedaa76430c4df3870b0fa15e2b6d7b6435a1
Score10/10-
Modifies Installed Components in the registry
-
Registers COM server for autorun
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
-
Modifies service
-
Suspicious use of SetThreadContext
-