General
Target: SecuriteInfo.com.Trojan.PWS.Stealer.28405.19826.328
Size: 2.4MB
Sample: 201109-zfbvhrlksx
MD5: 18add3e7cc5e7c99de849805880b2b38
SHA1: 3ef9a30881864a658146ac75886d287e97aef02c
SHA256: ad3c67acd7773a47ac0d46c544f1bcaa03ddbeb577b195e66fc4a15cd4413dab
SHA512: 834bde0ef6b06c62d257f2954baaa3d25add12582ff5a322eaf6861cd1481fb792a5fefb1c263819d4ae5a18944556696b473efd63e66a8b59982efe5c3440e5
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.PWS.Stealer.28405.19826.328.exe
Resource: win7v20201028
Malware Config
Targets
Target: SecuriteInfo.com.Trojan.PWS.Stealer.28405.19826.328
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger