General
Target: 8704510.msi
Size: 316KB
Sample: 201109-6daaccl5cs
MD5: 63253fb3fa37a23fef05fd9f09c6c4e5
SHA1: 7f897b00cc6b1d31af34dbf3ef274037b9ec69b1
SHA256: b2d579828599ae4e265f77899466dc005e7685b50dcbf6817388ea22d404ab2c
SHA512: 31818f83e0b40d7a2c053b0779da671855196c240713d9a1cadfef81b9442887de039110987beb4d48a527b281d2f273b671c061ff7f8eac0983fc12e192200b
Static task: static1
Behavioral task: behavioral1
Sample: 8704510.msi
Resource: win7v20201028
Malware Config
Targets
Target: 8704510.msi
- Executes dropped EXE
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Suspicious use of SetThreadContext