General
- Target: ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd
- Size: 238KB
- Sample: 201108-ng3y2txwxj
- MD5: f5f86b762cc6bff03cc5a7a7266d9bca
- SHA1: c295fb12ad2eaf35230a9f3f4d7f254b65c4d6d7
- SHA256: ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd
- SHA512: 5d1adc85691544781fad2c6e92450ccbcc425fbce26b331b04538372277b7411a4c99a7df5157d685782ec5580c17943805aca09e74c1e39c550fa8314221226
Static task: static1
Behavioral task: behavioral1
- Sample: ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd
- Size: 238KB
- MD5: f5f86b762cc6bff03cc5a7a7266d9bca
- SHA1: c295fb12ad2eaf35230a9f3f4d7f254b65c4d6d7
- SHA256: ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd
- SHA512: 5d1adc85691544781fad2c6e92450ccbcc425fbce26b331b04538372277b7411a4c99a7df5157d685782ec5580c17943805aca09e74c1e39c550fa8314221226
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- JavaScript code in executable
- Drops file in System32 directory
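As an added example (not part of this sandbox report and not code recovered from the sample), the classifier below replays the behavioural signatures listed above over constructed Sysmon-like telemetry: registry reads, file reads, file creates, process creates and image loads attributed to one process. The registry paths it looks for (`HKCU\Control Panel\International\Geo\Nation` for the GeoID lookup, `...\Microsoft\Windows\CurrentVersion\Uninstall\` for installed software), the browser profile file names, and every event in `SAMPLE_EVENTS` are assumptions about how such probes typically appear in logs, not artifacts taken from this sample. "Executes dropped EXE" and "Loads dropped DLL" are tied to earlier `FileCreate` events from the same process, which is what separates a dropped payload from an ordinary `cmd.exe` launch.

```python
"""Replay sandbox-style behavioural signatures over constructed host telemetry.

Added example, not part of the sandbox report. Registry/file paths are assumed
patterns for these probes; the event list is constructed, not captured."""
import re
from collections import defaultdict

# Constructed telemetry in a Sysmon-like shape: (event_type, process, target).
# Event types: RegistryRead, FileRead, FileCreate, ProcessCreate, ImageLoad.
SAMPLE_EVENTS = [
    ("RegistryRead", "sample.exe", "HKCU\\Control Panel\\International\\Geo\\Nation"),
    ("RegistryRead", "sample.exe", "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"),
    ("RegistryRead", "sample.exe", "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox"),
    ("FileRead", "sample.exe", "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    ("FileRead", "sample.exe", "C:\\"),   # default system drive: must not count
    ("FileRead", "sample.exe", "D:\\"),
    ("FileRead", "sample.exe", "E:\\"),
    ("FileCreate", "sample.exe", "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"),
    ("ProcessCreate", "sample.exe", "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"),
    ("FileCreate", "sample.exe", "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"),
    ("ImageLoad", "sample.exe", "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"),
    ("FileCreate", "sample.exe", "C:\\Windows\\System32\\svchosts.dll"),
    ("ProcessCreate", "sample.exe", "C:\\Windows\\System32\\cmd.exe"),  # not dropped: no hit
]

# Assumed path patterns for the probes the report describes (case-insensitive).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
BROWSER_DATA = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
    r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)


def classify(events):
    """Return {signature_name: [matching targets]} for the behaviours above.

    Events are processed in order, so a ProcessCreate/ImageLoad only counts as
    'dropped' if the same stream already showed the file being created."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths this process wrote to disk
    for etype, _proc, target in events:
        low = target.lower()
        if etype == "FileCreate":
            dropped.add(low)
            if SYSTEM32.search(target):
                hits["Drops file in System32 directory"].append(target)
        elif etype == "ProcessCreate" and low in dropped:
            hits["Executes dropped EXE"].append(target)
        elif etype == "ImageLoad" and low in dropped:
            hits["Loads dropped DLL"].append(target)
        elif etype == "RegistryRead":
            if GEO_KEY.search(target):
                hits["Checks computer location settings"].append(target)
            elif UNINSTALL_KEY.search(target):
                hits["Checks installed software on the system"].append(target)
        elif etype == "FileRead":
            m = DRIVE_ROOT.match(target)
            if m and m.group(1).upper() != "C":
                hits["Enumerates connected drives"].append(target)
            elif BROWSER_DATA.search(target):
                hits["Reads user/profile data of web browsers"].append(target)
    return dict(hits)


if __name__ == "__main__":
    for name, targets in classify(SAMPLE_EVENTS).items():
        print(f"{name}: {len(targets)} hit(s)")
        for t in targets:
            print("    ", t)
```

Run against real Sysmon output, the same logic would consume Event ID 12/13 (registry), 11 (file create), 1 (process create) and 7 (image load); the point of keeping the `dropped` set is that the "dropped EXE/DLL" signatures depend on ordering across event types, not on any single event.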