General
-
Target
f4n.exe
-
Size
266KB
-
Sample
201104-tgwg561e3n
-
MD5
1db6bd4d13cb9966e8875b3812aef71d
-
SHA1
974c46a807d2d680dad5b6d63c38dd0e06e1ed68
-
SHA256
9bdbb8dde9ad9be8d9303df1697e13a0f846cca95bc9e41d513c1f5f2a7a37b3
-
SHA512
550405e7409846ab8673b6eacd1a8132d0582b3cde9360f92d812a9e399ac62459798839ae76e57144933fca2fbe36d89bf66fe72df668774eb5a2514a34ae4b
Static task
static1
Behavioral task
behavioral1
Sample
f4n.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
f4n.exe
-
Size
266KB
-
MD5
1db6bd4d13cb9966e8875b3812aef71d
-
SHA1
974c46a807d2d680dad5b6d63c38dd0e06e1ed68
-
SHA256
9bdbb8dde9ad9be8d9303df1697e13a0f846cca95bc9e41d513c1f5f2a7a37b3
-
SHA512
550405e7409846ab8673b6eacd1a8132d0582b3cde9360f92d812a9e399ac62459798839ae76e57144933fca2fbe36d89bf66fe72df668774eb5a2514a34ae4b
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-