General
-
Target
SecuriteInfo.com.Dropper.Msil.CN.10732.21503
-
Size
1.6MB
-
Sample
201109-zgwwbbqacs
-
MD5
b93d23c44fd72c7cde829ffd46d7a90c
-
SHA1
b84a34510a77ff84c980877d64622186ab8e169c
-
SHA256
d60a9bd623167071bc6e34cccac64b0766b05d1b4f9b0922f6f162c1573f5e19
-
SHA512
1628926bc4884586b8ecfc42a70cf606d2bf238924cf819f76d47cb2656e16fded5a75b523715e311f600988be48dc8f2a1762129a0b6d9fcc6f1eb8345e9bcc
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Dropper.Msil.CN.10732.21503.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Dropper.Msil.CN.10732.21503.exe
Resource
win10v20201028
Malware Config
Targets
Target
SecuriteInfo.com.Dropper.Msil.CN.10732.21503
-
Score
10/10
-
Registers COM server for autorun
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Modifies Windows Firewall
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable
-
Modifies service
-