Analysis
-
max time kernel
143s -
max time network
146s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
04-11-2020 18:44
Static task
static1
Behavioral task
behavioral1
Sample
f4n.exe
Resource
win7v20201028
General
-
Target
f4n.exe
-
Size
266KB
-
MD5
1db6bd4d13cb9966e8875b3812aef71d
-
SHA1
974c46a807d2d680dad5b6d63c38dd0e06e1ed68
-
SHA256
9bdbb8dde9ad9be8d9303df1697e13a0f846cca95bc9e41d513c1f5f2a7a37b3
-
SHA512
550405e7409846ab8673b6eacd1a8132d0582b3cde9360f92d812a9e399ac62459798839ae76e57144933fca2fbe36d89bf66fe72df668774eb5a2514a34ae4b
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 7 api.ipify.org -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
f4n.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 f4n.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString f4n.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
f4n.exepid process 1304 f4n.exe 1304 f4n.exe