General
-
Target
XINOF4.2.1.exe
-
Size
379KB
-
Sample
201030-ywppe9yd4a
-
MD5
b33099e43bc639110baab265f19eaab8
-
SHA1
17b5517634e881ab6e832476c6c9d8702941dde1
-
SHA256
acfa59b94beebb0f9c4dd6a4c21586b9648808629624612c53d099df388eadd3
-
SHA512
ce777ff2247a56c2b1e44eb3dd7affa423022bc81fb3058f8041fa64e63032771b9ae46499d3d0e62111968c665e104ee4e1fa3aefd858cc81df6e3037366b22
Static task
static1
Behavioral task
behavioral1
Sample
XINOF4.2.1.exe
Resource
win10v20201028
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\How To Decrypt Files.hta
Targets
-
-
Target
XINOF4.2.1.exe
-
Size
379KB
-
MD5
b33099e43bc639110baab265f19eaab8
-
SHA1
17b5517634e881ab6e832476c6c9d8702941dde1
-
SHA256
acfa59b94beebb0f9c4dd6a4c21586b9648808629624612c53d099df388eadd3
-
SHA512
ce777ff2247a56c2b1e44eb3dd7affa423022bc81fb3058f8041fa64e63032771b9ae46499d3d0e62111968c665e104ee4e1fa3aefd858cc81df6e3037366b22
Score10/10-
Clears Windows event logs
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Disables taskbar notifications via registry modification
-
Disables use of System Restore points
-
Drops startup file
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Registry Run Keys / Startup Folder
1Scheduled Task
1Hidden Files and Directories
1Defense Evasion
Indicator Removal on Host
1File Deletion
3File Permissions Modification
1Modify Registry
2Hidden Files and Directories
1