General
Target: RegAsm.bin
Size: 649KB
Sample: 200921-t88w3lhtn2
MD5: 91f2eb065ad2dc3a29b1f28668342e56
SHA1: 1b5013438a97d9a620a6ddaf687f5e31b58fca00
SHA256: 6d5e3ff4357858fd6bbab3840d78714f9126a5cae6771ba45b833108c2da8b6f
SHA512: 972ed645179e5521722b7ec484f216d45c975cbaf168f794ae2457512697e30741fa7a973f59a4da9752cfe290e3cbf57bcf2d5f8445a3287de42f1c5479c441
Static task: static1
Behavioral task: behavioral1
Sample: RegAsm.bin.exe
Resource: win7
Malware Config
Targets
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Accesses cryptocurrency wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.