General
Target: 70c80253c09aacccddce335b5f3513b4
Size: 2.3MB
Sample: 201025-xndm66nktn
MD5: 70c80253c09aacccddce335b5f3513b4
SHA1: f0a87849b3e2306ce3688cb65fcab8ae74e1bba4
SHA256: 6be2502f47fd78cdabd91d5d2aa199112cf22a4cb9302e3fca67c34ab0ff9d48
SHA512: 85697ac775ed1d923413dacd57b35dcfb5ddf0ad391733c6972f5106dd3502a3537ee1591764003af1364da0863daff4742c1aadbecf988a7b30eb9784e4ec2c
Static task: static1
Behavioral task: behavioral1
Sample: 70c80253c09aacccddce335b5f3513b4.exe
Resource: win7
Malware Config
Targets
Echelon log file
Detects a log file produced by Echelon.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger