General
Target: DataStealer (2).bin
Size: 1.9MB
Sample: 200717-agdeb3z9ts
MD5: 022aeda92e92dfb3e8522bef19a4e838
SHA1: 75a2509111462fe4619aada62604936c000943c2
SHA256: 422761ce807ba569d378b3130493e84a531d310d1ed8e0559d6313fdf91cd5b0
SHA512: e264e50a184cd9061dd606e02ce853c229d43b9cc12862ee887edbc87ccf6b01bdd0297ea065badcfcf778612dd0bb082408dda3ea76bc30e8b7235fb3fc78cb
Static task: static1
Behavioral task: behavioral1
  Sample: DataStealer (2).bin.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: DataStealer (2).bin.exe
  Resource: win10v200430
Malware Config
Targets
Target: DataStealer (2).bin (size and hashes identical to the General section above)
Score: 10/10
Echelon log file
  Detects a log file produced by Echelon.
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of NtSetInformationThreadHideFromDebugger