General
Target: hl3x.bin.zip
Size: 347KB
Sample: 201105-n8l53hp94x
MD5: 05e206ed2d96c2102ead56faf6b22162
SHA1: ef6f42156f296e62734bd051bf254dcdd73ddd3c
SHA256: 61aff67fa07877363f2784ec58edc274175faa69a510aaae6dfdc4fe05f45927
SHA512: ca21bac7f5fec0d05882b2a5d5fedd97631e67e190ee980b42db4f2b76df1b2ab65a21e579d9ed3aa90bc030a0ab4eb7d9d8b8347f674bb5724c5b2d544cfad6
Static task: static1
Behavioral task: behavioral1
  Sample: hl3x.bin.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: hl3x.bin.exe
  Resource: win10v20201028
Malware Config
Targets
Target: hl3x.bin
Size: 1.1MB
MD5: aa353bc3e7a9c6551c630970bd539d7f
SHA1: 5466e81368431cc7d95d0e61ccad0532a7850a4b
SHA256: 98527afb21c16cf3c62da74174d10c01f49070772bf8108ecae708b2420a53f9
SHA512: 6bf7b873e9ed3acb6ea6f7782a67c549dadea0c33186767dd322818852193111a1f27a19dfd5c639f6c01bc73c9099d8327edd808d9c0509dd8ce91493c32349
ServiceHost packer
  Detects ServiceHost packer used for .NET malware
Deletes itself
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext