ad3c67acd7773a47ac0d46c544f1bcaa03ddbeb577b195e66fc4a15cd4413dab | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.PWS.Stealer.28405.19826.328
Size

2.4MB
Sample

201109-zfbvhrlksx
MD5

18add3e7cc5e7c99de849805880b2b38
SHA1

3ef9a30881864a658146ac75886d287e97aef02c
SHA256

ad3c67acd7773a47ac0d46c544f1bcaa03ddbeb577b195e66fc4a15cd4413dab
SHA512

834bde0ef6b06c62d257f2954baaa3d25add12582ff5a322eaf6861cd1481fb792a5fefb1c263819d4ae5a18944556696b473efd63e66a8b59982efe5c3440e5

Score

9^/10

evasion spyware trojan

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.PWS.Stealer.28405.19826.328
- Size
  
  2.4MB
- MD5
  
  18add3e7cc5e7c99de849805880b2b38
- SHA1
  
  3ef9a30881864a658146ac75886d287e97aef02c
- SHA256
  
  ad3c67acd7773a47ac0d46c544f1bcaa03ddbeb577b195e66fc4a15cd4413dab
- SHA512
  
  834bde0ef6b06c62d257f2954baaa3d25add12582ff5a322eaf6861cd1481fb792a5fefb1c263819d4ae5a18944556696b473efd63e66a8b59982efe5c3440e5
Score

9^/10

evasion trojan spyware
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

evasionspywaretrojan