General
Target: ed2c43666baf3e2bda4d9fb8bbb46217e0226febe37b9ffea54b879a64061723
Size: 1.8MB
Sample: 201108-vzwpeklq1x
MD5: 3202904112ba165a8401ef87661a1b8e
SHA1: 052b8ada0a42f8e62ae6252c3f9ad6288485c92d
SHA256: ed2c43666baf3e2bda4d9fb8bbb46217e0226febe37b9ffea54b879a64061723
SHA512: a0619a68fb4b121c762604ebdde44ff7b9693d8b62dc4cfdd2293d0cec6198fb067726ef9561973a544e23262c14a5843ea3c3bf87de8d468bc4125f7f91a5bd
Static task: static1
Behavioral task: behavioral1
Sample: ed2c43666baf3e2bda4d9fb8bbb46217e0226febe37b9ffea54b879a64061723.exe
Resource: win7v20201028
Malware Config
Extracted: https://iplogger.org/1pzPe7
Targets
Target: ed2c43666baf3e2bda4d9fb8bbb46217e0226febe37b9ffea54b879a64061723
Size: 1.8MB
MD5: 3202904112ba165a8401ef87661a1b8e
SHA1: 052b8ada0a42f8e62ae6252c3f9ad6288485c92d
SHA256: ed2c43666baf3e2bda4d9fb8bbb46217e0226febe37b9ffea54b879a64061723
SHA512: a0619a68fb4b121c762604ebdde44ff7b9693d8b62dc4cfdd2293d0cec6198fb067726ef9561973a544e23262c14a5843ea3c3bf87de8d468bc4125f7f91a5bd
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext